Python Exploits

6,675 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-1158 EXPLOITDB python
CUPS < 2.0.3 - Remote Code Execution via IPP Job Request
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
by @0x00string
EIP-2026-101386 EXPLOITDB python
Netwave IP Camera - Password Disclosure
by spiritnull
EIP-2026-103340 EXPLOITDB python
WordPress Core 4.7.0/4.7.1 - Content Injection
by leonjza
EIP-2026-115786 EXPLOITDB python VERIFIED
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
by laurent gaffie
EIP-2026-107580 EXPLOITDB python VERIFIED
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
by Mariusz Poplawski
CVE-2017-5521 EXPLOITDB HIGH python VERIFIED
NETGEAR R8500-R8000 - Info Disclosure
An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug is exploitable remotely if the remote management option is set, and can also be exploited given access to the router over LAN or WLAN. When trying to access the web panel, a user is asked to authenticate; if the authentication is canceled and password recovery is not enabled, the user is redirected to a page that exposes a password recovery token. If a user supplies the correct token to the page /passwordrecovered.cgi?id=TOKEN (and password recovery is not enabled), they will receive the admin password for the router. If password recovery is set the exploit will fail, as it will ask the user for the recovery questions that were previously set when enabling that feature. This is persistent (even after disabling the recovery option, the exploit will fail) because the router will ask for the security questions.
by Trustwave's SpiderLabs
CVSS 8.1
EIP-2026-114951 EXPLOITDB python
Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference Denial of Service
by b0nd
EIP-2026-103132 EXPLOITDB python VERIFIED
Haraka < 2.8.9 - Remote Command Execution
by Xychix
CVE-2017-3241 EXPLOITDB CRITICAL python VERIFIED
Oracle Java SE 6u131, 7u121, 8u112; Java SE Embedded 8u111; JRockit R28.3.12 - Remote Code Execution via RMI
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts).
by ERPScan
CVSS 9.0
CVE-2016-9838 EXPLOITDB HIGH python
Joomla! < 3.6.4 - Improper Access Control via Registration Form Session Data
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
by Charles Fol
CVSS 7.5
CVE-2012-1563 EXPLOITDB HIGH python
Joomla! < 2.5.3 - Unauthenticated Admin Account Creation
Joomla! before 2.5.3 allows Admin Account Creation.
by Charles Fol
CVSS 7.5
EIP-2026-117901 EXPLOITDB python VERIFIED
SentryHD 02.01.12e - Local Privilege Escalation
by Kacper Szurek
CVE-2016-20048 EXPLOITDB HIGH python
iSelect 1.4.0-2+b1 Local Buffer Overflow via key parameter
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.
by Juan Sacco
CVSS 8.4
EIP-2026-119281 EXPLOITDB python VERIFIED
WinaXe Plus 8.7 - Remote Buffer Overflow
by Peter Baris
EIP-2026-118428 EXPLOITDB python VERIFIED
DiskBoss Enterprise 7.5.12 - 'POST' Remote Buffer Overflow (SEH)
by Wyndell Bibera
CVE-2016-10045 EXPLOITDB CRITICAL python
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
by Dawid Golunski
CVSS 9.8
CVE-2016-10034 EXPLOITDB CRITICAL python
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
by Dawid Golunski
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by Dawid Golunski
CVSS 9.8
EIP-2026-118692 EXPLOITDB python VERIFIED
Internet Download Accelerator 6.10.1.1527 - FTP Buffer Overflow (SEH)
by Fady Mohammed Osman
CVE-2016-10074 EXPLOITDB CRITICAL python
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
by Dawid Golunski
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by anarc0der
CVSS 9.8
CVE-2016-10079 EXPLOITDB HIGH python
SAPlpd < 7400.3.11.33 - Denial of Service via Long String to TCP Port 515
SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
by Peter Baris
CVSS 7.5
CVE-2016-10033 EXPLOITDB CRITICAL python
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
by Dawid Golunski
CVSS 9.8
CVE-2016-10045 EXPLOITDB CRITICAL python
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
by Dawid Golunski
CVSS 9.8
EIP-2026-115312 EXPLOITDB python VERIFIED
FTPShell Server 6.36 - '.csv' Local Denial of Service
by sultan albalawi