Python Exploits

6,675 exploits tracked across all sources.

CVE-2017-9557 EXPLOITDB HIGH python VERIFIED
EFS Software Easy Chat Server <3.1 - Info Disclosure
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.
by Aitezaz Mohsin
CVSS 7.5
CVE-2017-9544 EXPLOITDB CRITICAL python VERIFIED
EFS Software Easy Chat Server <3.1 - Buffer Overflow
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
by Aitezaz Mohsin
CVSS 9.8
CVE-2017-9543 EXPLOITDB HIGH python VERIFIED
EFS Software Easy Chat Server <3.1 - RCE
register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to reset arbitrary passwords via a crafted POST request to registresult.htm.
by Aitezaz Mohsin
CVSS 7.5
EIP-2026-102092 EXPLOITDB python
Uniview NVR - Password Disclosure
by B1t
CVE-2016-3087 EXPLOITDB CRITICAL python
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
by nixawk
CVSS 9.8
CVE-2025-34035 EXPLOITDB CRITICAL python
EnGenius EnShare Cloud Service <1.4.11 - Command Injection
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
by LiquidWorm
CVSS 9.8
EIP-2026-115148 EXPLOITDB python VERIFIED
Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
by n3ckD_
CVE-2025-34098 EXPLOITDB HIGH python
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
by Gregory Draperi
CVE-2017-20225 EXPLOITDB CRITICAL python
TiEmu 2.08 Stack-Based Buffer Overflow Vulnerability
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
by Juan Sacco
CVSS 9.8
EIP-2026-112601 EXPLOITDB python
TerraMaster F2-420 NAS TOS 3.0.30 - Root Remote Code Execution
by Simone Margaritelli
EIP-2026-102090 EXPLOITDB python
uc-http Daemon - Local File Inclusion / Directory Traversal
by Project Insecurity
CVE-2016-20049 EXPLOITDB CRITICAL python
JAD 1.5.8e-1kali1 Stack-Based Buffer Overflow Remote Code Execution
JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 8150 bytes to overflow the stack, overwrite return addresses, and execute shellcode in the application context.
by Juan Sacco
CVSS 9.8
EIP-2026-116212 EXPLOITDB python VERIFIED
Sandboxie 5.18 - Local Denial of Service
by ScrR1pTK1dd13
EIP-2026-117077 EXPLOITDB python
Dup Scout Enterprise 9.7.18 - '.xml' Local Buffer Overflow
by ScrR1pTK1dd13
CVE-2017-7494 EXPLOITDB CRITICAL python VERIFIED
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
by steelo
CVSS 9.8
EIP-2026-102509 EXPLOITDB python
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
by f3ci
EIP-2026-102508 EXPLOITDB python
NetGain EM 7.2.647 build 941 - Authentication Bypass / Local File Inclusion
by f3ci
EIP-2026-101514 EXPLOITDB python
Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution
by Ike-Clinton
EIP-2026-116352 EXPLOITDB python VERIFIED
Sure Thing Disc Labeler 6.2.138.0 - Buffer Overflow (PoC)
by Chance Johnson
EIP-2026-119669 EXPLOITDB python
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution
by Ambionics Security
EIP-2026-119668 EXPLOITDB python
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution
by Ambionics Security
CVE-2017-0144 EXPLOITDB HIGH python VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by sleepya
CVSS 8.8
CVE-2017-0144 EXPLOITDB HIGH python VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by sleepya
CVSS 8.8
CVE-2017-3548 EXPLOITDB MEDIUM python
Oracle PeopleSoft Products <8.56 - Info Disclosure
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
by Charles Fol
CVSS 6.5
CVE-2017-18047 EXPLOITDB CRITICAL python VERIFIED
LabF nfsAxe 3.7 - Buffer Overflow via Long FTP Reply
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
by Tulpa
CVSS 9.8