Python Exploits

6,689 exploits tracked across all sources.

CVE-2012-2582 EXPLOITDB python VERIFIED
OTRS Help Desk <2.4.13, OTRS ITSM <3.0.15 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
by loneferret
CVE-2012-2585 EXPLOITDB python VERIFIED
ManageEngine ServiceDesk Plus 8.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
CVE-2012-2586 EXPLOITDB python VERIFIED
Mailtraq 2.17.3.3150 - Multiple Cross-Site Scripting via Email Subject and Body
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
CVE-2012-2588 EXPLOITDB python VERIFIED
MailEnable Enterprise 6.5 - Cross-Site Scripting via Email Headers or Body
Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message.
by loneferret
CVE-2012-2955 EXPLOITDB python VERIFIED
IBM Lotus Protector for Mail Security 2.1-2.8 - XSS via Query String
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
by muts
CVE-2012-2590 EXPLOITDB python VERIFIED
ESCON SupportPortal Professional Edition 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2591 EXPLOITDB python VERIFIED
EmailArchitect Email Server <10.0.0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.
by loneferret
CVE-2012-2592 EXPLOITDB python VERIFIED
Axigen Mail Server 8.0.1 - Cross-Site Scripting via Email Body
Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2584 EXPLOITDB python VERIFIED
Alt-N MDaemon Free 12.5.4 - Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document.
by loneferret
CVE-2012-2587 EXPLOITDB python VERIFIED
AfterLogic MailSuite Pro 6.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.
by loneferret
CVE-2012-2572 EXPLOITDB python VERIFIED
ThreeWP Email Reflector <1.16 - XSS
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
by loneferret
CVE-2012-2579 EXPLOITDB python VERIFIED
WP SimpleMail 1.0.6 - Cross-Site Scripting via Email Fields
Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.
by loneferret
CVE-2012-2580 EXPLOITDB python VERIFIED
Postie < 1.5.15 - Cross-Site Scripting via Email From Field
Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.
by loneferret
CVE-2012-2583 EXPLOITDB python VERIFIED
Mini Mail Dashboard Widget <1.42 - XSS
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.
by loneferret
CVE-2012-2573 EXPLOITDB python VERIFIED
T-dah WebMail 3.2.0-2.3 - Stored Cross-Site Scripting via Email Message Body
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
by loneferret
EIP-2026-116996 EXPLOITDB python VERIFIED
CoolPlayer Portable 2.19.2 - Local Buffer Overflow (ASLR Bypass) (2)
by pole
EIP-2026-109440 EXPLOITDB python VERIFIED
Mibew Messenger 1.6.4 - 'threadid' SQL Injection
by Ucha Gobejishvili
CVE-2012-4178 EXPLOITDB python VERIFIED
Symantec Web Gateway 5.0.3.18 - SQL Injection via groupid Parameter
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.
by Kc57
EIP-2026-104514 EXPLOITDB python VERIFIED
Zenoss 3.2.1 - (Authenticated) Remote Command Execution
by Brendan Coles
CVE-2009-1328 EXPLOITDB python VERIFIED
Mini-stream RM-MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
by Ptrace Security
CVE-2012-3571 EXPLOITDB python VERIFIED
ISC DHCP 4.1.2-4.2.4 and 4.1-ESV < R6 - Denial of Service via Malformed Client Identifier
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
by Markus Hietava
CVE-2012-3435 EXPLOITDB python VERIFIED
Zabbix < 1.8.15 - SQL Injection via itemid Parameter
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
by muts
CVE-2012-2957 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - Privilege Escalation
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
by muts
CVE-2012-2953 EXPLOITDB python VERIFIED
Symantec Web Gateway <5.0.3.18 - RCE
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts.
by muts
EIP-2026-117659 EXPLOITDB python
MyMp3 Player Stack - '.m3u' File DEP Bypass
by Daniel Romero