Python Exploits
6,700 exploits tracked across all sources.
RadASM 2.2.1.6 - '.rap' Universal Buffer Overflow
by Dz_attacker
WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA
by Beenu Arora
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC)
by loneferret
httpdx 1.5.2 - Remote Denial of Service (PoC)
by loneferret
X-lite SIP 3.0 - 'wav' memory Corruption Heap Buffer Overflow
by TecR0c
UplusFTP Server 1.7.0.12 - Remote Buffer Overflow
by b0telh0
CoreFTP 2.1 b1637 - Password field Universal Buffer Overflow
by mr_me
Vermillion FTP Daemon <1.31 - Memory Corruption
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.
by Dz_attacker
Wireshark 0.9.15-1.0.10 and 1.2.0-1.2.5 - Denial of Service via Malformed LWRES Packet
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
by babi
FreeBit ServersMan 3.1.5 - Denial of Service via HEAD Request
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
by mr_me
Sonique2 2.0 Beta Build 103 - Local Crash (PoC)
by b0telh0
IntelliTamper 2.07/2.08 - Remote Buffer Overflow (SEH)
by loneferret
Mini-stream Ripper 3.0.1.1 - '.smi' Local Buffer Overflow (PoC)
by d3b4g
Adium and Pidgin - Path Traversal via MSN Emoticon Request
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
by Mathieu GASPARD
CVSS 7.5
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
by Ahmed Obied
CVSS 8.8
Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption
by mr_me
BS.Global BS.Player 2.51 Build 1022 - Stack-Based Buffer Overflow via Skin Parameter in BSI File
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.
by Dz_attacker
BS.Global BS.Player 2.51 Build 1022 - Stack-Based Buffer Overflow via Skin Parameter in BSI File
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.
by Mert SARICA
Zeus Web Server - Buffer Overflow via SSLv2 Client Hello Message
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
by Intevydis
Oracle Database <11.1.0.7 - Info Disclosure
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Dennis Yurichev
iOS Udisk FTP Basic Edition - Remote Denial of Service
by mr_me
Sun Java System Directory Server Enterprise Edition 7.0 - Denial of Service via LDAP Search Request
The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.
by Intevydis
By Source