Python Exploits
6,691 exploits tracked across all sources.
Splunk 4.x < 4.2.5 - Authenticated Path Traversal via URI
Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
by Gary O'Leary-Steele
Splunk 4.2.x - Authenticated Remote Code Execution via mappy.py Python Class Access
mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
by Gary O'Leary-Steele
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
by modpr0be
SopCast 3.4.7 - 'sop://' URI Handling Remote Stack Buffer Overflow (PoC)
by LiquidWorm
NJStar Communicator MiniSmtp 3.0.11818 - Remote Code Execution via Crafted Packet
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Zune
Microsoft Windows XP/Server 2003 - Privilege Escalation
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by ryujin
CVSS 7.8
GOM Player 2.1.33.5071 - Stack-based Buffer Overflow via ASX File URI in ref href Tag
Stack-based buffer overflow in GOM Player 2.1.33.5071 allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the "ref href" tag. NOTE: this issue exists because of a CVE-2007-0707 regression.
by Debasish Mandal
Titan FTP Server 8.40 - 'APPE' Remote Denial of Service
by Houssam Sahli
XChat < 2.8.9 - Heap-Based Buffer Overflow via Long Response String
Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.
by Jane Doe
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
by ipv
Thunder Kankan Player 4.8.3.840 - Stack Overflow / Denial of Service
by hellok
Kool Media Converter 2.6.0 - '.ogg' File Buffer Overflow
by swami
Aviosoft Digital TV Player Professional 1.x - Local Stack Buffer Overflow
by modpr0be
Apple Mac OSX 10.6.5 / iOS 4.3.3 Mail - Denial of Service
by shebang42
GFI Faxmaker Fax Viewer 10.0 (build 237) - Denial of Service (PoC)
by loneferret
Cyclope Internet Filtering Proxy 4.0 - 'CEPMServer.exe' Denial of Service (PoC)
by loneferret
Cyclope Internet Filtering Proxy 4.0 - Persistent Cross-Site Scripting
by loneferret
Microsoft Windows 7 Gold & SP1/Windows Server 2008 R2 & R2 SP1 - DoS
Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
by Byoungyoung Lee
Apache HTTP Server 1.3.x-1.3.42, 2.0.x-2.0.64, 2.2.x-2.2.21 SSRF via Malformed URI with @
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
by Rodrigo Marcos
BlazeVideo HDTV Player <3.5 - Buffer Overflow
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
by modpr0be
CF Image Hosting Script 1.3.82, 1.4.1 - Cross-Site Scripting via q Parameter
Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF Image Hosting Script 1.3.82, 1.4.1, and probably other versions before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this was originally reported as a file disclosure vulnerability, but this is likely inaccurate.
by bd0rk
By Source