Python Exploits

6,700 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117827 EXPLOITDB python VERIFIED
RadASM 2.2.1.6 - '.rap' Universal Buffer Overflow
by Dz_attacker
EIP-2026-118140 EXPLOITDB python VERIFIED
WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA
by Beenu Arora
EIP-2026-114818 EXPLOITDB python VERIFIED
(Gabriel's FTP Server) Open & Compact FTPd 1.2 - Crash (PoC)
by loneferret
EIP-2026-115402 EXPLOITDB python VERIFIED
httpdx 1.5.2 - Remote Denial of Service (PoC)
by loneferret
EIP-2026-116585 EXPLOITDB python VERIFIED
X-lite SIP 3.0 - 'wav' memory Corruption Heap Buffer Overflow
by TecR0c
EIP-2026-119238 EXPLOITDB python VERIFIED
UplusFTP Server 1.7.0.12 - Remote Buffer Overflow
by b0telh0
EIP-2026-117003 EXPLOITDB python VERIFIED
CoreFTP 2.1 b1637 - Password field Universal Buffer Overflow
by mr_me
CVE-2010-20115 EXPLOITDB CRITICAL python VERIFIED
Vermillion FTP Daemon <1.31 - Memory Corruption
Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.
by Dz_attacker
CVE-2010-0304 EXPLOITDB python VERIFIED
Wireshark 0.9.15-1.0.10 and 1.2.0-1.2.5 - Denial of Service via Malformed LWRES Packet
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
by babi
EIP-2026-118346 EXPLOITDB python VERIFIED
CamShot 1.2 - Overwrite (SEH)
by tecnik
CVE-2010-0496 EXPLOITDB python VERIFIED
FreeBit ServersMan 3.1.5 - Denial of Service via HEAD Request
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
by mr_me
EIP-2026-118112 EXPLOITDB python VERIFIED
Winamp 5.572 - Local Overflow (SEH)
by TecR0c
EIP-2026-114876 EXPLOITDB python VERIFIED
AIC Audio Player 1.4.1.587 - Local Crash (PoC)
by b0telh0
EIP-2026-116272 EXPLOITDB python VERIFIED
Sonique2 2.0 Beta Build 103 - Local Crash (PoC)
by b0telh0
EIP-2026-118689 EXPLOITDB python VERIFIED
IntelliTamper 2.07/2.08 - Remote Buffer Overflow (SEH)
by loneferret
EIP-2026-115840 EXPLOITDB python VERIFIED
Mini-stream Ripper 3.0.1.1 - '.smi' Local Buffer Overflow (PoC)
by d3b4g
CVE-2010-0013 EXPLOITDB HIGH python VERIFIED
Adium and Pidgin - Path Traversal via MSN Emoticon Request
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
by Mathieu GASPARD
CVSS 7.5
CVE-2010-0249 EXPLOITDB HIGH python VERIFIED
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
by Ahmed Obied
CVSS 8.8
EIP-2026-117251 EXPLOITDB python VERIFIED
Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption
by mr_me
CVE-2010-2004 EXPLOITDB python VERIFIED
BS.Global BS.Player 2.51 Build 1022 - Stack-Based Buffer Overflow via Skin Parameter in BSI File
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.
by Dz_attacker
CVE-2010-2004 EXPLOITDB python VERIFIED
BS.Global BS.Player 2.51 Build 1022 - Stack-Based Buffer Overflow via Skin Parameter in BSI File
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068.
by Mert SARICA
CVE-2010-0359 EXPLOITDB python VERIFIED
Zeus Web Server - Buffer Overflow via SSLv2 Client Hello Message
Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.
by Intevydis
CVE-2010-0071 EXPLOITDB python VERIFIED
Oracle Database <11.1.0.7 - Info Disclosure
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
by Dennis Yurichev
EIP-2026-102172 EXPLOITDB python VERIFIED
iOS Udisk FTP Basic Edition - Remote Denial of Service
by mr_me
CVE-2010-0313 EXPLOITDB python VERIFIED
Sun Java System Directory Server Enterprise Edition 7.0 - Denial of Service via LDAP Search Request
The core_get_proxyauth_dn function in ns-slapd in Sun Java System Directory Server Enterprise Edition 7.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted LDAP Search Request message.
by Intevydis