Python Exploits

5,949 exploits tracked across all sources.

CVE-2011-5049 EXPLOITDB python
MySQL <5.5.8 - DoS
MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.
by Level
EIP-2026-115807 EXPLOITDB python VERIFIED
Microsoft Windows Media Player 11.0.5721.5262 - Remote Denial of Service
by Level
EIP-2026-115794 EXPLOITDB python VERIFIED
Microsoft Windows Explorer - Denial of Service
by Level
CVE-2011-5196 EXPLOITDB python VERIFIED
Public Knowledge Open Journal Systems < 2.3.6 - CSRF
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
by mr_me
CVE-2011-5195 EXPLOITDB python VERIFIED
Public Knowledge Open Conference Systems < 2.3.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
by mr_me
CVE-2011-5197 EXPLOITDB python VERIFIED
Public Knowledge Open Harvester Systems < 2.3.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
by mr_me
CVE-2011-4644 EXPLOITDB python VERIFIED
Splunk < 4.2.5 - Authentication Bypass
Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-console session that leverages the ability to create crafted data sources, or (2) execute management commands via an HTTP request.
by Gary O'Leary-Steele
CVE-2011-4643 EXPLOITDB python VERIFIED
Splunk - Path Traversal
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
by Gary O'Leary-Steele
CVE-2011-4642 EXPLOITDB python VERIFIED
Splunk - CSRF
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
by Gary O'Leary-Steele
CVE-2011-4779 EXPLOITDB python VERIFIED
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4642. Reason: This candidate is a reservation duplicate of CVE-2011-4642. Notes: All CVE users should reference CVE-2011-4642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
by Gary O'Leary-Steele
CVE-2011-5171 EXPLOITDB python VERIFIED
Cyberlink Power2go - Memory Corruption
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
by modpr0be
EIP-2026-112254 EXPLOITDB python
SMF 2.0.1 - SQL Injection / Privilege Escalation
by The:Paradox
EIP-2026-116277 EXPLOITDB python
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
by LiquidWorm
CVE-2011-4040 EXPLOITDB python
MiniSmtp 3.0.11818 - RCE
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Zune
CVE-2011-2005 EXPLOITDB HIGH python VERIFIED
Microsoft Windows XP/Server 2003 - Privilege Escalation
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by ryujin
CVSS 7.8
CVE-2011-5162 EXPLOITDB python VERIFIED
Gomlab Gom Player - Memory Corruption
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
by Debasish Mandal
EIP-2026-116412 EXPLOITDB python VERIFIED
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service
by Houssam Sahli
CVE-2011-5129 EXPLOITDB python VERIFIED
Xchat < 2.8.9 - Memory Corruption
Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.
by Jane Doe
CVE-2011-1591 EXPLOITDB python
Wireshark <1.4.5 - Buffer Overflow
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
by ipv
EIP-2026-116409 EXPLOITDB python
Thunder Kankan Player 4.8.3.840 - Stack Overflow / Denial of Service
by hellok
EIP-2026-102588 EXPLOITDB python VERIFIED
FleaHttpd - Remote Denial of Service
by condis
EIP-2026-115530 EXPLOITDB python VERIFIED
Kool Media Converter 2.6.0 - Denial of Service
by swami
EIP-2026-115529 EXPLOITDB python VERIFIED
Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow
by swami
EIP-2026-116861 EXPLOITDB python VERIFIED
Aviosoft Digital TV Player Professional 1.x - Local Stack Buffer Overflow
by modpr0be
EIP-2026-104560 EXPLOITDB python VERIFIED
Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service
by shebang42