Python Exploits
6,675 exploits tracked across all sources.
Cerberus FTP Server 8.0.10.1 - Denial of Service via Long Host Header
In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header.
by Peter Baris
CVSS 7.5
Ether Software Easy MOV Converter 1.4.24 - Buffer Overflow via Long Username
Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD Creator, Easy MPEG/AVI/DIVX/WMV/RM to DVD, Easy Avi/Divx/Xvid to DVD Burner, Easy MPEG to DVD Burner, Easy WMV/ASF/ASX to DVD Burner, Easy RM RMVB to DVD Burner, Easy CD DVD Copy, MP3/AVI/MPEG/WMV/RM to Audio CD Burner, MP3/WAV/OGG/WMA/AC3 to CD Burner, MP3 WAV to CD Burner, My Video Converter, Easy AVI DivX Converter, Easy Video to iPod Converter, Easy Video to PSP Converter, Easy Video to 3GP Converter, Easy Video to MP4 Converter, and Easy Video to iPod/MP4/PSP/3GP Converter allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long username.
by Muhann4d
CVSS 7.8
Sagemcom Livebox 3 SG30_sip-fr-5.15.8.1 - Denial of Service via IPv6 Routing Table Exhaustion
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently large default value for the maximum IPv6 routing table size: it can be filled within minutes. An attacker can exploit this issue to render the affected system unresponsive, resulting in a denial-of-service condition for telephone, Internet, and TV services.
by Quentin Olagne
CVSS 7.5
EvoStream Media Server 1.7.1 - Buffer Overflow via Malicious HTTP Header
A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A crafted HTTP request with a malicious header will cause a crash. An example attack methodology may include a long message-body in a GET request.
by Peter Baris
CVSS 7.5
Azure Data Expert Ultimate 2.2.16 - Remote Code Execution via SMTP 220 String Buffer Overflow
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
by Peter Baris
CVSS 9.8
Apache Struts 2.3.x < 2.3.32 and 2.5.x < 2.5.10.1 - Remote Code Execution via Jakarta Multipart Parser
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
by Vex Woo
CVSS 9.8
FTPShell Client 6.53 - Remote Code Execution via PWD Response Buffer Overflow
Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.
by Peter Baris
CVSS 9.8
Wordpress Plugin Mobile App Native 3.0 - Remote File Upload
Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.
by The Martian
CVSS 7.5
WordPress Plugin Webapp-Builder v2.0 - Info Disclosure
Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/
by The Martian
CVSS 9.8
WordPress Plugin Mobile-App-Build By Wappress <1.05 - Info Disclosure
Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
by The Martian
CVSS 9.8
mobile-friendly-app-builder-by-easytouch 3.0 - Unauthenticated Arbitrary File Upload via images.php
Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content.
by The Martian
CVSS 9.8
wp2android-turn-wp-site-into-android-app 1.1.4 - Unrestricted Upload of File with Dangerous Type
Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android-app v1.1.4, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com.
by The Martian
CVSS 9.8
Schneider Electric Conext ComBox 865-1058 Firmware < 3.03 - Denial of Service via Rapid Requests
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
by Mark Liapustin & Arik Kublanov
CVSS 7.5
SysGauge 1.5.18 - Buffer Overflow via SMTP Service Ready String
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
by Peter Baris
CVSS 9.8
Synchronet BBS 3.16c - Denial of Service via HTTP Referer Header
Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.
by Peter Baris
CVSS 7.5
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
by SivertPL
CVSS 8.8
DiskSavvy Enterprise 9.4.18 - Remote Code Execution via Long URI in GET Request
Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long URI in a GET request.
by Peter Baris
CVSS 9.8
Fibaro Home Center 2 - Remote Command Execution / Privilege Escalation
by forsec
Grails PDF Plugin 0.6 - XML External Entity Injection
by Charles Fol
NETGEAR DGN2200 Firmware < 10.0.0.50 - Authenticated OS Command Injection via ping_IPAddr Parameter
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
by SivertPL
CVSS 9.8
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation
by Kacper Szurek
BIG-IP Local Traffic Manager - Exposure of Sensitive Information via Session Tickets
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well.
by @0x00string
CVSS 7.5
By Source