Python Exploits

6,674 exploits tracked across all sources.

EIP-2026-119365 EXPLOITDB python
Easy File Sharing Web Server 7.2 - Unrestricted File Upload
by Chako
EIP-2026-117095 EXPLOITDB python
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
by Chako
EIP-2026-118468 EXPLOITDB python
Easy File Sharing Web Server 7.2 - GET 'PassWD' Remote Buffer Overflow (SEH)
by clubjk
CVE-2017-20227 EXPLOITDB CRITICAL python
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow
JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell.
by Juan Sacco
CVSS 9.8
CVE-2017-1297 EXPLOITDB HIGH python
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 11.1 - Stack-based Buffer Overflow
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
by defensecode
CVSS 7.3
CVE-2016-10045 EXPLOITDB CRITICAL python
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
by phackt_ul
CVSS 9.8
CVE-2016-10034 EXPLOITDB CRITICAL python
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
by phackt_ul
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by phackt_ul
CVSS 9.8
CVE-2016-10074 EXPLOITDB CRITICAL python
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
by phackt_ul
CVSS 9.8
EIP-2026-119167 EXPLOITDB python
SpyCamLizard 1.230 - Remote Buffer Overflow
by abatchy17
EIP-2026-103283 EXPLOITDB python
IBM Informix Dynamic Server - Code Injection / Remote Code Execution
by IMgod
CVE-2025-34096 EXPLOITDB CRITICAL python
Easy File Sharing HTTP Server 7.2 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Easy File Sharing HTTP Server version 7.2. The flaw is triggered when a crafted POST request is sent to the /sendemail.ghp endpoint containing an overly long Email parameter. The application fails to properly validate the length of this field, resulting in a memory corruption condition. An unauthenticated remote attacker can exploit this to execute arbitrary code with the privileges of the server process.
by bl4ck h4ck3r
EIP-2026-118087 EXPLOITDB python
VX Search Enterprise 9.7.18 - Local Buffer Overflow
by ScrR1pTK1dd13
CVE-2017-2741 EXPLOITDB CRITICAL python
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
by Jacob Baines
CVSS 9.8
EIP-2026-117096 EXPLOITDB python
Easy MOV Converter 1.4.24 - 'Enter User Name' Local Buffer Overflow (SEH)
by abatchy17
EIP-2026-118464 EXPLOITDB python
Easy File Sharing Web Server 7.2 - 'POST' Remote Buffer Overflow
by Touhid M.Shaikh
EIP-2026-117045 EXPLOITDB python
Disk Pulse 9.7.26 - 'Add Directory' Local Buffer Overflow
by abatchy17
EIP-2026-117982 EXPLOITDB python
Sync Breeze 9.7.26 - 'Add Exclude Directory' Local Buffer Overflow
by abatchy17
EIP-2026-117057 EXPLOITDB python
DiskBoss 8.0.16 - 'Input Directory' Local Buffer Overflow
by abatchy17
EIP-2026-103160 EXPLOITDB python
Logpoint < 5.6.4 - Root Remote Code Execution
by agix
EIP-2026-117050 EXPLOITDB python
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
by abatchy17
CVE-2017-4914 EXPLOITDB CRITICAL python VERIFIED
VMware vSphere Data Protection 5.5.x-6.1.x - Remote Code Execution via Deserialization
VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x contains a deserialization issue. Exploitation of this issue may allow a remote attacker to execute commands on the appliance.
by Kelly Correll
CVSS 9.8
CVE-2017-20226 EXPLOITDB HIGH python
Mapscrn 2.0.3 Stack-Based Buffer Overflow
Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized input buffer. Attackers can craft a malicious buffer with junk data, return address, NOP instructions, and shellcode to overflow the stack and achieve code execution or denial of service.
by Juan Sacco
CVSS 8.4
CVE-2017-9757 EXPLOITDB HIGH python VERIFIED
IPFire < 2.19 - Authenticated Remote Command Injection via OINKCODE Parameter
IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.
by 0x09AL
CVSS 8.8
CVE-2017-9557 EXPLOITDB HIGH python VERIFIED
EFS Software Easy Chat Server <3.1 - Info Disclosure
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
by Aitezaz Mohsin
CVSS 7.5