Python Exploits

5,949 exploits tracked across all sources.

CVE-2013-10033 EXPLOITDB CRITICAL python
Kimai <0.9.2.x - SQL Injection
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
by drone
EIP-2026-117726 EXPLOITDB python VERIFIED
Ophcrack 3.5.0 - Code Execution Local Buffer Overflow
by xis_one
CVE-2013-2028 EXPLOITDB python
F5 Nginx < 1.4.0 - Out-of-Bounds Write
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
by Mert SARICA
CVE-2013-0145 EXPLOITDB python VERIFIED
Vercot Serva32 - Memory Corruption
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
by Sapling
EIP-2026-115841 EXPLOITDB python VERIFIED
MiniWeb HTTP Server 300 - Crash (PoC)
by dmnt
EIP-2026-102935 EXPLOITDB python
No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
by Alberto Ortega
EIP-2026-115536 EXPLOITDB python VERIFIED
Lan Messenger - sending PM 'UNICODE' Overwrite Buffer Overflow (SEH)
by ariarat
CVE-2012-6081 EXPLOITDB python VERIFIED
Moinmoin < 1.9.5 - Unrestricted File Upload
Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
by HTP
CVE-2012-6495 EXPLOITDB python VERIFIED
Moinmoin < 1.9.5 - Path Traversal
Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
by HTP
CVE-2013-3336 EXPLOITDB python
Adobe ColdFusion <10 - Info Disclosure
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to read arbitrary files via unknown vectors.
by HTP
EIP-2026-116704 EXPLOITDB python VERIFIED
ABBS Audio Media Player 3.1 - '.lst' Local Buffer Overflow
by Julien Ahrens
CVE-2013-5660 EXPLOITDB python VERIFIED
Powersoftware Winarchiver - Memory Corruption
Buffer overflow in Power Software WinArchiver 3.2 allows remote attackers to execute arbitrary code via a crafted .zip file.
by RealPentesting
CVE-2013-5656 EXPLOITDB HIGH python VERIFIED
Fuzezip - Out-of-Bounds Write
FuzeZip 1.0.0.131625 has a local buffer overflow vulnerability.
by RealPentesting
CVSS 7.8
EIP-2026-115212 EXPLOITDB python VERIFIED
Elecard MPEG Player - '.m3u' File Buffer Overflow
by metacom
CVE-2002-1549 EXPLOITDB python VERIFIED
Light HTTPd 0.1 - RCE
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Jacob Holcomb
CVE-2013-5657 EXPLOITDB HIGH python VERIFIED
Aultware Pwstore - Denial of Service
AultWare pwStore 2010.8.30.0 has a DoS via an empty HTTP request.
by Josep Pi Rodriguez
CVSS 7.5
EIP-2026-118904 EXPLOITDB python VERIFIED
MinaliC WebServer 2.0.0 - Remote Buffer Overflow
by superkojiman
CVE-2013-3535 EXPLOITDB python
Themelogik Cmslogik - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
by LiquidWorm
CVE-2006-6184 EXPLOITDB python VERIFIED
Alliedtelesyn At-tftp < 1.9 - Buffer Overflow
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
by xis_one
EIP-2026-118582 EXPLOITDB python VERIFIED
Freefloat FTP Server 1.0 - DEP Bypass with ROP
by negux
EIP-2026-118320 EXPLOITDB python VERIFIED
BigAnt Server 2.97 - DDNF 'Username' Remote Buffer Overflow
by Craig Freyman
EIP-2026-117270 EXPLOITDB python VERIFIED
HexChat 2.9.4 - Local Overflow
by Matt Andreko
EIP-2026-116056 EXPLOITDB python VERIFIED
Personal File Share 1.0 - Denial of Service
by npn
EIP-2026-115188 EXPLOITDB python VERIFIED
Easy DVD Player 3.5.1 - libav 'libavcodec_plugin.dll' Denial of Service
by metacom
EIP-2026-118325 EXPLOITDB python VERIFIED
BlazeVideo HDTV Player Standard - '.plf' File Remote Buffer Overflow
by metacom