Python Exploits
6,689 exploits tracked across all sources.
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by muts
Symantec Web Gateway <5.0.3.18 - SQL Injection
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
by muts
Plixer Scrutinizer <9.5.2 - SQL Injection
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
by muts
Atmail Webmail Server 6.4 - Cross-Site Scripting via Email Date Field
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
by muts
CVSS 6.1
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
by Jean Pascal Pereira
Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
by S2 Crew
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
WellinTech KingView < 6.53 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
Investintech.com Able2Extract - DoS/Code Injection
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document.
by Carlos Mario Penagos Hollmann
Sysax 5.62 - Admin Interface Local Buffer Overflow
by Craig Freyman
HP Data Protector - Remote Code Execution via EXEC_SETUP Command
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
by Ben Turner
EZHomeTech Ezserver 6.4 - Remote Stack Overflow
by modpr0be
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
by mr_me
XM Easy Personal FTP Server 5.3.0 - Buffer Overflow
Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might overlap CVE-2006-2225, CVE-2006-2226, or CVE-2006-5728.
by mr_me
Adobe Illustrator < CS6 - Memory Corruption
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
by Felipe Andres Manzano
Edimax IC-3030iWn - UDP Packet Password Information Disclosure
by y3dips
Apple iTunes <10.6.3 - Buffer Overflow
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
by LiquidWorm
Oracle MySQL 5.1.x < 5.1.63, 5.5.x < 5.5.24, 5.6.x < 5.6.6 - Authentication Bypass via Repeated Failed Authentication
sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
by David Kennedy (ReL1K)
F5 BIG-IP Multiple Versions - Unauthenticated SSH Login via Shared Private Key
F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option.
by David Kennedy (ReL1K)