Python Exploits
5,949 exploits tracked across all sources.
Sami FTP Server 2.0.1 - 'LIST' Buffer Overflow
by superkojiman
HansoTools Hanso Player <2.5.0 - Buffer Overflow
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
by metacom
Microsoft Office - Buffer Overflow
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
by g11tch
CVSS 7.8
Photodex ProShow Producer 5.0.3297 - '.pxs' Memory Corruption
by Julien Ahrens
Freefloat FTP Server 1.0 - 'Raw' Remote Buffer Overflow
by superkojiman
Haxx Curl - Memory Corruption
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.
by Volema
Schneider Electric Accutech Manager <2.00.1 - Buffer Overflow
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request.
by Evren Yalçın
Verax NMS - Multiple Method Authentication Bypass
by Andrew Brooks
Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
by Debasish Mandal
SQLiteManager 1.2.4 - Remote PHP Code Injection
by RealGame
Serva 2.0.0 - HTTP Server GET Remote Denial of Service
by Julien Ahrens
Serva 2.0.0 - DNS Server QueryName Remote Denial of Service
by Julien Ahrens
Nagios < 3.4.3 - Memory Corruption
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
by blasty
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg'File Memory Corruption / Arbitrary Code Execution
by Debasish Mandal
Belkin N150 Wireless Router - Cryptographic Issue
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
by ZhaoChunsheng
OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
by xistence
By Source