Python Exploits

6,700 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-1681 EXPLOITDB python VERIFIED
Microsoft Visio - Buffer Overflow via Crafted DXF File
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
by Abysssec
CVE-2010-4913 EXPLOITDB python VERIFIED
ColdGen ColdUserGroup 1.06 - Cross-Site Scripting via Search Keywords Parameter
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
by mr_me
CVE-2010-4916 EXPLOITDB python VERIFIED
ColdGen ColdUserGroup 1.06 - SQL Injection
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
by mr_me
CVE-2010-4910 EXPLOITDB python VERIFIED
ColdGen ColdCalendar <2.06 - SQL Injection
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
by mr_me
EIP-2026-116120 EXPLOITDB python VERIFIED
QQPlayer 2.3.696.400p1 - '.wav' Denial of Service
by s-dz
EIP-2026-104528 EXPLOITDB python VERIFIED
Novell Netware - NWFTPD RMD/RNFR/DELE Argument Parsing Buffer Overflow
by Abysssec
CVE-2010-2703 EXPLOITDB python VERIFIED
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in the execvp_nc function in the ov.dll module in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when running on Windows, allows remote attackers to execute arbitrary code via a long HTTP request to webappmon.exe.
by Abysssec
EIP-2026-114860 EXPLOITDB python VERIFIED
Adobe Acrobat and Reader 9.3.4 - 'acroform_PlugInMain' Memory Corruption
by ITSecTeam
CVE-2010-0480 EXPLOITDB python VERIFIED
Microsoft Windows MPEG Layer-3 Audio Codecs - Remote Code Execution via Crafted AVI File
Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
by Abysssec
EIP-2026-116494 EXPLOITDB python VERIFIED
Virtual DJ Trial 6.1.2 - Buffer Overflow Crash (SEH) (PoC)
by Abhishek Lyall
CVE-2010-4917 EXPLOITDB python VERIFIED
A-Blog 2.0 - SQL Injection via Search Words Parameter
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
by Ptrace Security
CVE-2010-0265 EXPLOITDB python VERIFIED
Microsoft Windows Movie Maker 2.1, 2.6, 6.0 and Producer 2003 - Remote Code Execution via Crafted Project File
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
by Abysssec
EIP-2026-116493 EXPLOITDB python VERIFIED
VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)
by s-dz
EIP-2026-109363 EXPLOITDB python VERIFIED
mBlogger 1.0.04 - 'addcomment.php' Persistent Cross-Site Scripting
by Ptrace Security
CVE-2010-0519 EXPLOITDB python VERIFIED
Apple Mac OS X - Remote Code Execution via Malformed FlashPix SubImage Header
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
by Abysssec
CVE-2010-1297 EXPLOITDB HIGH python VERIFIED
Adobe Flash Player
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
by Abysssec
CVSS 7.8
EIP-2026-106221 EXPLOITDB python VERIFIED
Cpanel PHP - Restriction Bypass
by Abysssec
CVE-2010-4876 EXPLOITDB python VERIFIED
mBlogger 1.0.04 - SQL Injection via viewpost.php postID Parameter
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
by Ptrace Security
EIP-2026-115621 EXPLOITDB python VERIFIED
Mereo 1.9.2 - Remote HTTP Server Denial of Service
by CwG GeNiuS
CVE-2009-2629 EXPLOITDB python VERIFIED
nginx <0.5.37, <0.6.39, <0.7.62, <0.8.15 - RCE
Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
by Aaron Conole
EIP-2026-105530 EXPLOITDB python VERIFIED
Blogman 0.7.1 - 'profile.php' SQL Injection
by Ptrace Security
EIP-2026-103388 EXPLOITDB python VERIFIED
Adobe Acrobat and Reader 9.3.4 - 'AcroForm.api' Memory Corruption
by ITSecTeam
CVE-2010-1797 EXPLOITDB python
iPhone OS - Remote Code Execution via Crafted CFF Opcodes in Embedded Fonts
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
by Jose Miguel Esparza
EIP-2026-116427 EXPLOITDB python VERIFIED
Tplayer V1R10 - Denial of Service
by 41.w4r10r
EIP-2026-114838 EXPLOITDB python VERIFIED
Abyssal Metal Player 2.0.9 - Denial of Service
by 41.w4r10r