Python Exploits
6,700 exploits tracked across all sources.
Microsoft Visio - Buffer Overflow via Crafted DXF File
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
by Abysssec
ColdGen ColdUserGroup 1.06 - Cross-Site Scripting via Search Keywords Parameter
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
by mr_me
ColdGen ColdUserGroup 1.06 - SQL Injection
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
by mr_me
ColdGen ColdCalendar <2.06 - SQL Injection
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
by mr_me
Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow
by Abysssec
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
by Abysssec
Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption
by ITSecTeam
Microsoft Windows MPEG Layer-3 Audio Codecs - Remote Code Execution via Crafted AVI File
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
by Abysssec
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
by Abhishek Lyall
A-Blog 2.0 - SQL Injection via Search Words Parameter
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
by Ptrace Security
Microsoft Windows Movie Maker 2.1, 2.6, 6.0 and Producer 2003 - Remote Code Execution via Crafted Project File
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
by Abysssec
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)
by s-dz
mBlogger 1.0.04 - 'addcomment.php' Persistent Cross-Site Scripting
by Ptrace Security
Apple Mac OS X - Remote Code Execution via Malformed FlashPix SubImage Header
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
by Abysssec
Adobe Flash Player
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
by Abysssec
CVSS 7.8
mBlogger 1.0.04 - SQL Injection via viewpost.php postID Parameter
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
by Ptrace Security
Mereo 1.9.2 - Remote HTTP Server Denial of Service
by CwG GeNiuS
nginx <0.5.37, <0.6.39, <0.7.62, <0.8.15 - RCE
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
by Aaron Conole
Blogman 0.7.1 - 'profile.php' SQL Injection
by Ptrace Security
Adobe Acrobat and Reader 9.3.4 - 'AcroForm.api' Memory Corruption
by ITSecTeam
iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
by Jose Miguel Esparza
Abyssal Metal Player 2.0.9 - Denial of Service
by 41.w4r10r
By Source