Python Exploits
6,694 exploits tracked across all sources.
Windows Server 2003 - Remote Code Execution via Malformed BROWSER ELECTION Message
Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
by Cupidon-3005
XM Easy Personal FTP Server 5.8.0 - 'TYPE' Denial of Service
by Houssam Sahli
webERP 4.0.1 - 'InputSerialItemsFile.php' Arbitrary File Upload
by AutoSec Tools
LocatePC 1.05 (Ligatt Version + Others) - SQL Injection
by anonymous
xRadio 0.95b - '.xrl' Local Buffer Overflow (SEH)
by b0telh0
Hanso Player 1.4.0.0 - 'Skinfile' Buffer Overflow (Denial of Service)
by badc0re
Hanso Converter 1.1.0 - BufferOverflow Denial of Service
by badc0re
AOL Desktop < 9.6 - Stack-based Buffer Overflow via RTX Hyperlink Tag
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.
by sickness
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitization of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
by modpr0be
FTPGetter 3.58.0.21 - 'PASV' Remote Buffer Overflow
by modpr0be
AOL Desktop < 9.6 - Stack-based Buffer Overflow via RTX Hyperlink Tag
AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker can trigger a stack-based buffer overflow due to the use of unsafe strcpy operations. This allows remote attackers to execute arbitrary code when a victim opens a malicious .rtx file. AOL Desktop is end-of-life and no longer supported. Users are encouraged to migrate to AOL Desktop Gold or alternative platforms.
by sup3r
All In One Control Panel 1.4.1 - 'cp_menu_data_file.php' SQL Injection
by AutoSec Tools
SDP Downloader 2.3.0 - 'http_response' Remote Buffer Overflow
by sup3r
WM Downloader 3.1.2.2 2010.04.15 - '.m3u' File Buffer Overflow (DEP Bypass)
by sickness
Virtuosa Phoenix Edition 5.2 - ASX Buffer Overflow (SEH)
by Acidgen
Automated Solutions Modbus/TCP Master OPC Server < 3.0.2 - Heap-Based Buffer Overflow via Crafted MODBUS Response Packet
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODBUS response packet with a crafted length field.
by Jeremy Brown
Golden FTP Server 4.70 - Malformed Message Denial of Service
by Craig Freyman
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (2)
by D.Elser
Objectivity/DB 10.0 - Unauthenticated Administrative Command Execution via Lock Server or Advanced Multithreaded Server
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
by Jeremy Brown