Python Exploits

6,675 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-8927 EXPLOITDB HIGH python VERIFIED
Larson VizEx Reader <9.7.5 - Buffer Overflow
Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
by Muhann4d
CVSS 7.8
CVE-2017-8926 EXPLOITDB HIGH python VERIFIED
Halliburton LogView Pro 10.0.1 - Buffer Overflow
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
by Muhann4d
CVSS 7.8
CVE-2017-7478 EXPLOITDB HIGH python VERIFIED
OpenVPN 2.3.12-2.3.14 - Unauthenticated Denial of Service via Large Control Packet
OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.
by QuarksLab
CVSS 7.5
CVE-2017-0147 EXPLOITDB HIGH python
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
by Juan Sacco
CVSS 7.5
CVE-2017-0146 EXPLOITDB HIGH python
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
by Juan Sacco
CVSS 8.8
CVE-2017-0145 EXPLOITDB HIGH python
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.
by Juan Sacco
CVSS 8.8
CVE-2017-0144 EXPLOITDB HIGH python
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Juan Sacco
CVSS 8.8
CVE-2017-0143 EXPLOITDB HIGH python
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Juan Sacco
CVSS 8.8
CVE-2017-0148 EXPLOITDB HIGH python
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
by Juan Sacco
CVSS 8.1
CVE-2017-5689 EXPLOITDB CRITICAL python
Intel AMT Digest Authentication Bypass Scanner
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
by nixawk
CVSS 9.8
CVE-2017-8852 EXPLOITDB HIGH python VERIFIED
SAP SAPCAR 721.510 - Heap-Based Buffer Overflow via Crafted CAR Archive
SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560.
by Core Security
CVSS 7.8
EIP-2026-104034 EXPLOITDB python
Oracle GoldenGate 12.1.2.0.0 - Remote Code Execution
by Silent Signal
CVE-2017-8869 EXPLOITDB HIGH python VERIFIED
MediaCoder 0.8.48.5888 - Remote Code Execution via Crafted .m3u File
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
by Muhann4d
CVSS 7.8
CVE-2017-5135 EXPLOITDB CRITICAL python
Technicolor DPC3928SL - Auth Bypass
Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.
by nixawk
CVSS 9.1
CVE-2017-20220 EXPLOITDB HIGH python
Serviio PRO 1.8 Unauthenticated Password Change via REST API
Serviio PRO 1.8 contains an improper access control vulnerability in the Configuration REST API that allows unauthenticated attackers to change the mediabrowser login password. Attackers can send specially crafted requests to the REST API endpoints to modify credentials without authentication.
by LiquidWorm
CVSS 7.5
CVE-2017-20217 EXPLOITDB HIGH python
Serviio PRO 1.8 REST API Information Disclosure
Serviio PRO 1.8 contains an information disclosure vulnerability due to improper access control enforcement in the Configuration REST API that allows unauthenticated attackers to access sensitive information. Remote attackers can send specially crafted requests to the REST API endpoints to retrieve potentially sensitive configuration data without authentication.
by LiquidWorm
CVSS 7.5
EIP-2026-119423 EXPLOITDB python
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
by LiquidWorm
EIP-2026-103890 EXPLOITDB python
Dahua Generation 2/3 - Backdoor Access
by bashis
CVE-2017-3599 EXPLOITDB HIGH python VERIFIED
MySQL Server <5.6.35, <5.7.17 - DoS
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.
by Rodrigo Marcos
CVSS 7.5
EIP-2026-103258 EXPLOITDB python
Alerton Webtalk 2.5/3.3 - Multiple Vulnerabilities
by David Tomaschik
EIP-2026-115470 EXPLOITDB python VERIFIED
IrfanView 4.44 - Denial of Service
by Dreivan Orprecio
EIP-2026-112838 EXPLOITDB python
TYPO3 Extension News - SQL Injection
by Charles Fol
EIP-2026-112092 EXPLOITDB python
Simple File Uploader - Arbitrary File Download
by Daniel Godoy
CVE-2017-7720 EXPLOITDB HIGH python VERIFIED
PrivateTunnel 2.7-2.8 - Buffer Overflow
Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.
by Muhann4d
CVSS 7.8
EIP-2026-118874 EXPLOITDB python
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
by vportal