Python Exploits

5,949 exploits tracked across all sources.

EIP-2026-112932 EXPLOITDB python VERIFIED
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
by mr_me
CVE-2007-1195 EXPLOITDB python VERIFIED
XM Easy Personal FTP Server 5.3.0 - Buffer Overflow
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
by mr_me
EIP-2026-111610 EXPLOITDB python VERIFIED
qdPM 7 - Arbitrary File upload
by loneferret
CVE-2012-0780 EXPLOITDB python
Adobe Illustrator < CS6 - Memory Corruption
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
by Felipe Andres Manzano
EIP-2026-101262 EXPLOITDB python VERIFIED
Edimax IC-3030iWn - UDP Packet Password Information Disclosure
by y3dips
CVE-2012-0677 EXPLOITDB python VERIFIED
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by LiquidWorm
CVE-2012-2122 EXPLOITDB python VERIFIED
Oracle MySQL - Authentication Bypass
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by David Kennedy (ReL1K)
CVE-2012-1493 EXPLOITDB python VERIFIED
F5 BIG-IP 3600 - Credentials Management
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by David Kennedy (ReL1K)
EIP-2026-110914 EXPLOITDB python VERIFIED
phpAcounts 0.5.3 - SQL Injection
by loneferret
CVE-2012-2915 EXPLOITDB python VERIFIED
Lattice Semiconductor PAC-Designer <6.2.1344 - Buffer Overflow
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.
by b33f
EIP-2026-114948 EXPLOITDB python VERIFIED
Audio Editor Master 5.4.1.217 - Denial of Service
by Onying
EIP-2026-105474 EXPLOITDB python VERIFIED
Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
by rwenzel
EIP-2026-116279 EXPLOITDB python
Sorensoft Power Media 6.0 - Denial of Service
by Onying
EIP-2026-113407 EXPLOITDB python VERIFIED
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
by dex
CVE-2012-0297 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3 - RCE
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
by muts
CVE-2007-5762 EXPLOITDB python VERIFIED
Novell NetWare Client - Improper Input Validation
NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, allows local users to execute arbitrary code by opening the \\.\nicm device and providing crafted kernel addresses via IOCTLs with the METHOD_NEITHER buffering mode.
by sickness
CVE-2006-2369 EXPLOITDB python VERIFIED
RealVNC - Authentication Bypass
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
by fdiskyou
CVE-2012-6048 EXPLOITDB python
Guitar-pro Guitar Pro - Memory Corruption
Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file.
by condis
CVE-2012-2336 EXPLOITDB python VERIFIED
PHP <5.3.13 & <5.4.3 - DoS
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
by rayh4c
EIP-2026-116784 EXPLOITDB python
AnvSoft Any Video Converter 4.3.6 - Local Stack Overflow
by cikumel
CVE-2012-2576 EXPLOITDB CRITICAL python VERIFIED
SolarWinds <5.1.2 - SQL Injection
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field.
by muts
CVSS 9.8
CVE-2012-3845 EXPLOITDB python VERIFIED
LAN Messenger 1.2.28 - Memory Corruption
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
by Julien Ahrens
CVE-2012-6050 EXPLOITDB python
MikroTik RouterOS - Denial of Service
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll.
by PoURaN
CVE-2012-4057 EXPLOITDB python VERIFIED
Twd-industries Remote-anything - Memory Corruption
Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file.
by Saint Patrick
CVE-2012-2442 EXPLOITDB python VERIFIED
Nokia PC Suite <7.1.180.64 - Buffer Overflow
Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.
by Senator of Pirates