Python Exploits
6,681 exploits tracked across all sources.
Senkas Kolibri 2.0 - Remote Code Execution via Long URI in POST Request
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
by tekwizz123
CVSS 9.8
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by @0x00string
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Claudio Viviani
GNU Bash through 4.3 bash43-026 - Denial of Service via Deeply Nested For Loops
Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.
by fdiskyou
Joomla! Component com_macgallery 1.5 - Arbitrary File Download
by Claudio Viviani
Joomla! Component com_facegallery 1.0 - Multiple Vulnerabilities
by Claudio Viviani
Tribulant Slideshow Gallery < 1.4.7 - Authenticated Arbitrary File Upload
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
by Claudio Viviani
Joomla! Component Spider Contacts 1.3.6 - 'contacts_id' SQL Injection
by Claudio Viviani
Joomla! Component Spider Calendar 3.2.6 - SQL Injection
by Claudio Viviani
LeapFTP 3.1.0 - URL Handling Buffer Overflow (SEH)
by k3170makan
HTML Help Workshop 1.4 - Local Buffer Overflow (SEH)
by mr.pr0n
HTML Help Workshop 1.4 - Buffer Overflow (SEH) (PoC)
by Moroccan Kingdom (MKD)
Nagios Remote Plugin Executor <2.15 - RCE
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
by Claudio Viviani
xrms_crm - SQL Injection via user_id Parameter
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
by Benjamin Harris
xrms_crm - Authenticated Remote Code Execution via Username Parameter
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
by Benjamin Harris
Plogger < 1.0 - Authenticated Arbitrary File Upload and Remote Code Execution via ZIP Archive
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.
by b0z
PhpWiki 1.5.0 - Remote Code Execution via Ploticus Module Device Option
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
by Benjamin Harris
BlazeDVD Pro Player 7.0 - '.plf' Local Buffer Overflow (SEH)
by metacom
BlazeDVD Pro Player 7.0 - '.plf' Direct RET Local Stack Buffer Overflow
by Giovanni Bartolomucci
By Source