Python Exploits
5,949 exploits tracked across all sources.
Target Longlife Media Player 2.0.2.0 - '.wav' Crash (PoC)
by gunslinger_
eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting
by loneferret
Gomlab Gom Player < 2.2.53.5169 - Improper Input Validation
Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file.
by ariarat
Mac OS X Sudo Password Bypass
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
by David Kennedy (ReL1K)
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Ayman Sagy
dreamMail e-mail client 4.6.9.2 - Persistent Cross-Site Scripting
by loneferret
NETGEAR ProSafe - Info Disclosure
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier; GS748Tv4 with firmware 5.4.1.14; GS510TP with firmware 5.4.0.6; GS752TPS, GS728TPS, GS728TS, and GS725TS with firmware 5.3.0.17; and GS752TXS and GS728TXS with firmware 6.1.0.12 allows remote attackers to read encrypted administrator credentials and other startup configurations via a direct request to filesystem/startup-config.
by Juan J. Guelfo
NETGEAR ProSafe - DoS
NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and earlier, GS748Tv4 5.4.1.14, and GS510TP 5.0.4.4 allows remote attackers to cause a denial of service (reboot or crash) via a crafted HTTP request to filesystem/.
by Juan J. Guelfo
Bitbot (C2 Web Panel) - 'gate2.php' Multiple Vulnerabilities
by bwall
PCMan's FTP Server 2.0.7 - RCE
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Polunchis
Videolan Vlc Media Player < 2.0.8 - Improper Input Validation
VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.
by Asesino04
MinaliC WebServer 2.0.0 - Remote Buffer Overflow (Egghunter)
by PuN1sh3r
Sami FTP Server 2.0.1 - MKD Buffer Overflow ASLR Bypass (SEH)
by Polunchis
HP Data Protector - Improper Input Validation
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by Alessandro Di Pinto & Claudio Moletta
Open-ftpd < 1.2 - Authentication Bypass
Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.
by Wireghoul
Mostgear Easy Lan Folder Share - Memory Corruption
Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in the (1) registration code field in the activate license window or the (2) HKLM\SOFTWARE\MostGear\EasyLanFolderShare_V1\License registry key. NOTE: it is not clear from the original report whether this issue crosses privilege boundaries. If not, then it should not be included in CVE.
by sagi-
PCMan's FTP Server 2.0.7 - RCE
Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command.
by Ottomatik
Novell Client - Access Control
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
by sickness
OpenEMM-2013 8.10.380.hf13.0.066 - SOAP SQL Injection / Persistent Cross-Site Scripting
by drone
Broadcom ACSD - RCE
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
by Jacob Holcomb
CVSS 9.8
Galil RIO-47100 Pocket PLC - DoS
The Galil RIO-47100 Pocket PLC allows remote attackers to cause a denial of service via a session that includes "repeated requests."
by Sapling
By Source