Python Exploits

6,688 exploits tracked across all sources.

EIP-2026-114916 EXPLOITDB python VERIFIED
Apple Quick Time Player (Windows) 7.7.3 - Out of Bound Read
by Debasish Mandal
EIP-2026-104454 EXPLOITDB python VERIFIED
SQLiteManager 1.2.4 - Remote PHP Code Injection
by RealGame
EIP-2026-116235 EXPLOITDB python VERIFIED
Serva 2.0.0 - HTTP Server GET Remote Denial of Service
by Julien Ahrens
EIP-2026-116234 EXPLOITDB python VERIFIED
Serva 2.0.0 - DNS Server QueryName Remote Denial of Service
by Julien Ahrens
CVE-2012-6096 EXPLOITDB python VERIFIED
Nagios Core < 3.4.4 / Icinga 1.6.x < 1.6.2, 1.7.x < 1.7.4, 1.8.x < 1.8.4 - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
by blasty
EIP-2026-101005 EXPLOITDB python
Colloquy 1.3.5/1.3.6 - Denial of Service
by UberLame
EIP-2026-117320 EXPLOITDB python VERIFIED
Inmatrix Ltd. Zoom Player 8.5 - '.jpeg' File Memory Corruption / Arbitrary Code Execution
by Debasish Mandal
EIP-2026-103443 EXPLOITDB python VERIFIED
Colloquy - Remote Denial of Service
by Aph3x
EIP-2026-103428 EXPLOITDB python VERIFIED
BT Home Hub - 'uuid' Buffer Overflow
by Zachary Cutlip
EIP-2026-115291 EXPLOITDB python VERIFIED
FoxPlayer 2.9.0 - Denial of Service
by metacom
CVE-2012-4366 EXPLOITDB python VERIFIED
Belkin N150 N300 N450 N900 Wireless Routers - Predictable WPA2-PSK Passphrase
Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames.
by ZhaoChunsheng
CVE-2013-10043 EXPLOITDB CRITICAL python
OAstium VoIP PBX astium-confweb-2.1-25399 - Auth Bypass & RCE
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once authenticated as an administrator, the attacker can upload arbitrary PHP code through the importcompany field in import.php, resulting in remote code execution. The malicious payload is injected into /usr/local/astium/web/php/config.php and executed with root privileges by triggering a configuration reload via sudo /sbin/service astcfgd reload. Successful exploitation leads to full system compromise.
by xistence
EIP-2026-102563 EXPLOITDB python
Astium VoIP PBX 2.1 build 25399 - Remote Crash (PoC)
by xistence
EIP-2026-114881 EXPLOITDB python VERIFIED
Aktiv Player 2.80 - Crash (PoC)
by IndonesiaGokilTeam
EIP-2026-103161 EXPLOITDB python VERIFIED
LShell 0.9.15 - Remote Code Execution
by drone
EIP-2026-101488 EXPLOITDB python
Ubiquiti AirOS 5.5.2 - (Authenticated) Remote Command Execution
by xistence
CVE-2012-5967 EXPLOITDB python
Centreon 2.3.3-2.3.9-4 - Authenticated SQL Injection via menuXML.php menu Parameter
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
by modpr0be
CVE-2012-5375 EXPLOITDB python VERIFIED
Linux kernel < 3.8 - Denial of Service via Btrfs CRC32C Hash Collision
The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.
by Pascal Junod
CVE-2012-4959 EXPLOITDB python VERIFIED
Novell File Reporter <1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
by Abysssec
EIP-2026-115304 EXPLOITDB python VERIFIED
FreeVimager 4.1.0 - Crash (PoC)
by Jean Pascal Pereira
EIP-2026-115146 EXPLOITDB python VERIFIED
DIMIN Viewer 5.4.0 - Crash (PoC)
by Jean Pascal Pereira
CVE-2012-10023 EXPLOITDB CRITICAL python VERIFIED
FreeFloat FTP Server 1.0.0 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to overwrite memory and potentially execute arbitrary code. The flaw is triggered by sending an overly long username string, which overflows the buffer allocated for user authentication.
by D35m0nd142
CVSS 9.8
CVE-2013-1627 EXPLOITDB python VERIFIED
Indusoft Web Studio & Advantech Studio <=7.0 - Unauthenticated Path Traversal via NTWebServer.exe
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in an argument to the sub_401A90 CreateFileW function.
by Nin3
EIP-2026-116457 EXPLOITDB python VERIFIED
UMPlayer Portable 0.95 - Crash (PoC)
by p3kok
CVE-2012-6608 EXPLOITDB python VERIFIED
Elastix 2.3.0 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter.
by cheki