Python Exploits

5,949 exploits tracked across all sources.

CVE-2012-4751 EXPLOITDB python VERIFIED
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
CVE-2012-3137 EXPLOITDB python
Oracle Database Server - Info Disclosure
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
by Esteban Martinez Fayo
EIP-2026-116121 EXPLOITDB python VERIFIED
QQPlayer 3.7.892 - m2p 'quartz.dll' Heap Pointer Overwrite (PoC)
by James Ritchey
EIP-2026-115343 EXPLOITDB python VERIFIED
Gom Player 2.1.44.5123 - 'UNICODE' Null Pointer Dereference
by wh1ant
EIP-2026-117670 EXPLOITDB python
NCMedia Sound Editor Pro 7.5.1 - Local Overflow (SEH + DEP Bypass)
by b33f
EIP-2026-114306 EXPLOITDB python
WordPress Theme Archin 3.2 - Configuration Access
by bwall
EIP-2026-102969 EXPLOITDB python VERIFIED
Reaver Pro - Local Privilege Escalation
by infodox
CVE-2012-2998 EXPLOITDB python VERIFIED
Trend Micro Control Manager <5.5.0.1823, <6.0.0.1449 - SQL Injection
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
by otoy
EIP-2026-103208 EXPLOITDB python VERIFIED
QNX 6.5.0 / QCONN 1.4.207944 - Remote Command Execution
by Mor!p3r
EIP-2026-116203 EXPLOITDB python VERIFIED
SafeNet Sentinel Keys Server - Crash (PoC)
by retset
EIP-2026-103214 EXPLOITDB python VERIFIED
Samba 3.5.11/3.6.3 - Remote Code Execution
by kb
EIP-2026-102047 EXPLOITDB python
Thomson Wireless VoIP Cable Modem - Authentication Bypass
by Glafkos Charalambous
EIP-2026-117669 EXPLOITDB python VERIFIED
NCMedia Sound Editor Pro 7.5.1 - 'MRUList201202.dat' File Handling Buffer Overflow
by Julien Ahrens
EIP-2026-101455 EXPLOITDB python
Sitecom MD-25x - Multiple Vulnerabilities
by Mattijs van Ommeren
CVE-2012-4415 EXPLOITDB python VERIFIED
Fedora < 0.6.2 - Memory Corruption
Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
by Michael Jumper
CVE-2012-4751 EXPLOITDB python
OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.
by Mike Eduard
CVE-2012-10043 EXPLOITDB CRITICAL python VERIFIED
ActFax Server <4.32 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
by Craig Freyman
EIP-2026-105661 EXPLOITDB python
businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload
by Shai rod
CVE-2012-2612 EXPLOITDB python VERIFIED
SAP NetWeaver <7.0 EHP2 - DoS
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
by Core Security
CVE-2012-2977 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
by Kc57
CVE-2006-0469 EXPLOITDB python
Uebimiau - XSS
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
by Shai rod
EIP-2026-107596 EXPLOITDB python
Hivemail Webmail - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Shai rod
EIP-2026-107537 EXPLOITDB python
GWebmail 0.7.3 - Cross-Site Scripting / Local File Inclusion / Remote Code Execution
by Shai rod
EIP-2026-102377 EXPLOITDB python
hupa webmail 0.0.2 - Persistent Cross-Site Scripting
by Shai rod
EIP-2026-107787 EXPLOITDB python VERIFIED
IlohaMail Webmail - Persistent Cross-Site Scripting
by Shai rod