Python Exploits

6,691 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-4643 EXPLOITDB python VERIFIED
Splunk 4.x < 4.2.5 - Authenticated Path Traversal via URI
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
by Gary O'Leary-Steele
CVE-2011-4642 EXPLOITDB python VERIFIED
Splunk 4.2.x - Authenticated Remote Code Execution via mappy.py Python Class Access
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
by Gary O'Leary-Steele
CVE-2011-5171 EXPLOITDB python VERIFIED
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
by modpr0be
EIP-2026-112254 EXPLOITDB python
SMF 2.0.1 - SQL Injection / Privilege Escalation
by The:Paradox
EIP-2026-116277 EXPLOITDB python
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
by LiquidWorm
CVE-2011-4040 EXPLOITDB python
NJStar Communicator MiniSmtp 3.0.11818 - Remote Code Execution via Crafted Packet
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Zune
CVE-2011-2005 EXPLOITDB HIGH python VERIFIED
Microsoft Windows XP/Server 2003 - Privilege Escalation
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by ryujin
CVSS 7.8
CVE-2011-5162 EXPLOITDB python VERIFIED
GOM Player 2.1.33.5071 - Stack-based Buffer Overflow via ASX File URI in ref href Tag
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
by Debasish Mandal
EIP-2026-116412 EXPLOITDB python VERIFIED
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service
by Houssam Sahli
CVE-2011-5129 EXPLOITDB python VERIFIED
XChat < 2.8.9 - Heap-Based Buffer Overflow via Long Response String
Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.
by Jane Doe
CVE-2011-1591 EXPLOITDB python
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
by ipv
EIP-2026-116409 EXPLOITDB python
Thunder Kankan Player 4.8.3.840 - Stack Overflow / Denial of Service
by hellok
EIP-2026-102588 EXPLOITDB python VERIFIED
FleaHttpd - Remote Denial of Service
by condis
EIP-2026-115530 EXPLOITDB python VERIFIED
Kool Media Converter 2.6.0 - Denial of Service
by swami
EIP-2026-115529 EXPLOITDB python VERIFIED
Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow
by swami
EIP-2026-116861 EXPLOITDB python VERIFIED
Aviosoft Digital TV Player Professional 1.x - Local Stack Buffer Overflow
by modpr0be
EIP-2026-104560 EXPLOITDB python VERIFIED
Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service
by shebang42
EIP-2026-115326 EXPLOITDB python VERIFIED
GFI Faxmaker Fax Viewer 10.0 (build 237) - Denial of Service (PoC)
by loneferret
EIP-2026-116643 EXPLOITDB python
zFTPServer - 'cwd/stat' Remote Denial of Service
by Myo Soe
EIP-2026-115125 EXPLOITDB python VERIFIED
Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC)
by loneferret
EIP-2026-119357 EXPLOITDB python VERIFIED
Cyclope Internet Filtering Proxy 4.0 - Persistent Cross-Site Scripting
by loneferret
CVE-2011-1965 EXPLOITDB python
Microsoft Windows 7 Gold & SP1/Windows Server 2008 R2 & R2 SP1 - DoS
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
by Byoungyoung Lee
CVE-2011-3368 EXPLOITDB python VERIFIED
Apache HTTP Server 1.3.x-1.3.42, 2.0.x-2.0.64, 2.2.x-2.2.21 SSRF via Malformed URI with @
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
by Rodrigo Marcos
CVE-2009-0450 EXPLOITDB python
BlazeVideo HDTV Player <3.5 - Buffer Overflow
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
by modpr0be
CVE-2011-4572 EXPLOITDB python
CF Image Hosting Script 1.3.82, 1.4.1 - Cross-Site Scripting via q Parameter
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
by bd0rk