Python Exploits

6,676 exploits tracked across all sources.

EIP-2026-104317 EXPLOITDB python
Manage Engine Application Manager 12.5 - Arbitrary Command Execution
by Bikramaditya Guha
CVE-2015-8261 EXPLOITDB CRITICAL python
Ipswitch WhatsUp Gold <16.4 - SQL Injection
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
by Matt Buzanowski
CVSS 9.8
EIP-2026-116259 EXPLOITDB python VERIFIED
SNScan 1.05 - Scan Hostname/IP Field Buffer Overflow Crash (PoC)
by Daniel Velazquez
CVE-2015-7768 EXPLOITDB python VERIFIED
Konica Minolta FTP Utility 1.0 - RCE
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code via a long CWD command.
by TOMIWA
EIP-2026-115515 EXPLOITDB python
KeePass Password Safe Classic 1.29 - Crash (PoC)
by Mohammad Reza Espargham
CVE-2016-1909 EXPLOITDB CRITICAL python
Fortinet <5.0.12 - Hardcoded Passphrase
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
by operator8203
CVSS 9.8
CVE-2014-6287 EXPLOITDB CRITICAL python VERIFIED
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
by Avinash Thapa
CVSS 9.8
EIP-2026-117215 EXPLOITDB python VERIFIED
FTPShell Client 5.24 - 'Add to Favorites' Buffer Overflow
by INSECT.B
EIP-2026-117217 EXPLOITDB python
FTPShell Client 5.24 - Local Buffer Overflow
by hyp3rlinx
CVE-2015-7874 EXPLOITDB CRITICAL python
portapps/kitty_portable < 0.65.0.2p - Remote Code Execution via Long Nickname
Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname.
by Guillaume Kaddouch
CVSS 9.8
EIP-2026-117389 EXPLOITDB python
KiTTY Portable 0.65.1.1p - Local Saved Session Overflow (Egghunter XP / Denial of Service 7/8.1/10)
by Guillaume Kaddouch
EIP-2026-117388 EXPLOITDB python VERIFIED
KiTTY Portable 0.65.0.2p (Windows 8.1/10) - Local kitty.ini Overflow
by Guillaume Kaddouch
EIP-2026-117387 EXPLOITDB python VERIFIED
KiTTY Portable 0.65.0.2p (Windows 7) - Local kitty.ini Overflow (Wow64 Egghunter)
by Guillaume Kaddouch
CVE-2025-34119 EXPLOITDB HIGH python VERIFIED
EasyCafe Server <2.2.14 - Info Disclosure
A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode 0x43 can be used to request arbitrary files by absolute path. If the file exists and is accessible, its content is returned without authentication. This flaw allows attackers to retrieve sensitive files such as system configuration, password files, or application data.
by R-73eN
EIP-2026-115955 EXPLOITDB python
Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow
by R-73eN
CVE-2015-8562 EXPLOITDB python
Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
by Andrew McNicol
CVE-2015-8566 EXPLOITDB python
Joomla Session < 1.3.1 - Remote Code Execution via Session Values
The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.
by Andrew McNicol
EIP-2026-118470 EXPLOITDB python VERIFIED
Easy File Sharing Web Server 7.2 - HEAD Request Buffer Overflow (SEH)
by ArminCyber
EIP-2026-118469 EXPLOITDB python VERIFIED
Easy File Sharing Web Server 7.2 - GET Buffer Overflow (SEH)
by ArminCyber
EIP-2026-115418 EXPLOITDB python
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - Invalid Pointer Dereference
by Ptrace Security
EIP-2026-115417 EXPLOITDB python
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_SetConfFileChunk' Stack Buffer Overflow (PoC)
by Ptrace Security
EIP-2026-115416 EXPLOITDB python
IBM Tivoli Storage Manager FastBack Server 5.5.4.2 - '_FXCLI_GetConfFileChunk' Stack Buffer Overflow (PoC)
by Ptrace Security
CVE-2015-8562 EXPLOITDB python VERIFIED
Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
by Sec-1
EIP-2026-119682 EXPLOITDB python
OpenMRS 2.3 (1.11.4) - XML External Entity Processing
by LiquidWorm
CVE-2015-4027 EXPLOITDB python
Acunetix Web Vulnerability Scanner < 10 - Local Privilege Escalation via AcuWVSSchedulerv10 Service
The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan.
by Daniele Linguaglossa