Python Exploits

6,703 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-4897 EXPLOITDB python VERIFIED
Ekiga 2.0.5 - Denial of Service via Long Argument to PString::vsprintf
pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
by Jose Miguel Esparza
EIP-2026-104619 EXPLOITDB python VERIFIED
Mozilla Firefox 3.5 (OSX) - Font Tags Remote Buffer Overflow
by Dr_IDE
EIP-2026-118125 EXPLOITDB python VERIFIED
WINMOD 1.4 - '.lst' Universal Buffer Overflow (SEH) (2)
by Dz_Girl
EIP-2026-118855 EXPLOITDB python VERIFIED
Microsoft Office Web Components Spreadsheet - ActiveX 'OWC10/11' Remote Overflow
by Ahmed Obied
CVE-2009-2477 EXPLOITDB python VERIFIED
Firefox 3.5 - Remote Code Execution via TraceMonkey JIT Escape Function
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
by David Kennedy (ReL1K)
CVE-2009-2478 EXPLOITDB python VERIFIED
Mozilla Firefox 3.5 - Denial of Service via Flash NULL Pointer Dereference
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
by David Kennedy (ReL1K)
EIP-2026-116668 EXPLOITDB python VERIFIED
Zortam MP3 Media Studio 9.40 - Multiple Memory Corruption Vulnerabilities
by LiquidWorm
CVE-2009-3824 EXPLOITDB python VERIFIED
Greenwood PHP Content Manager 0.3.2 - Path Traversal via Content Path Parameter
Directory traversal vulnerability in include/processor.php in Greenwood PHP Content Manager 0.3.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content_path parameter.
by Khashayar Fereidani
EIP-2026-117422 EXPLOITDB python VERIFIED
Live For Speed 2 Version Z - '.mpr' Local Buffer Overflow (SEH)
by His0k4
CVE-2009-3947 EXPLOITDB python VERIFIED
Tandberg MXP F7.0 - Buffer Overflow
Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters.
by otokoyama
EIP-2026-111831 EXPLOITDB python VERIFIED
RunCMS 1.6.3 - Remote Shell Injection
by StAkeR
EIP-2026-119036 EXPLOITDB python VERIFIED
Pirch IRC 98 Client - 'Response' Remote Buffer Overflow (SEH)
by His0k4
CVE-2008-0015 EXPLOITDB HIGH python VERIFIED
Microsoft Windows 2003 Server and XP - Remote Code Execution via MPEG2TuneRequest ActiveX Control
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
by David Kennedy (ReL1K)
CVSS 8.8
CVE-2009-2375 EXPLOITDB python VERIFIED
Photo DVD Maker 8.02 - Buffer Overflow
Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information.
by His0k4
CVE-2009-3859 EXPLOITDB python VERIFIED
eEye Retina WiFi Scanner <1.0.8.68 - Buffer Overflow
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
by LiquidWorm
EIP-2026-109428 EXPLOITDB python VERIFIED
Messages Library 2.0 - Arbitrary Delete Message
by Stack
CVE-2009-2305 EXPLOITDB python VERIFIED
armassa ARD-9808 Software - Denial of Service via Long URI with //.\ Sequences
The ARD-9808 DVR card security camera allows remote attackers to cause a denial of service via a long URI composed of //.\ (slash slash dot backslash) sequences.
by Stack
CVE-2009-2227 EXPLOITDB python VERIFIED
B Labs Bopup Comm Server <3.2.26.5460 - Buffer Overflow
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
by His0k4
CVE-2009-2485 EXPLOITDB python VERIFIED
HT-MP3Player 1.0 - Stack-Based Buffer Overflow via Long String in .ht3 File
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
by His0k4
CVE-2009-2390 EXPLOITDB python VERIFIED
com_bookflip 2.1 - SQL Injection via book_id Parameter
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.
by boom3rang
CVE-2009-2607 EXPLOITDB python VERIFIED
com_pinboard - SQL Injection via Task Parameter
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
by Stack
EIP-2026-105146 EXPLOITDB python VERIFIED
AlumniServer 1.0.1 - 'resetpwemail' Blind SQL Injection
by YEnH4ckEr
CVE-2009-0714 EXPLOITDB python VERIFIED
HP Data Protector Express <4.6.5-3.4.7 - DoS
Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for dpwingad (dpwingad.exe) in HP Data Protector Express and Express SSE 3.x before build 47065, and Express and Express SSE 4.x before build 46537, allows remote attackers to cause a denial of service (application crash) or read portions of memory via one or more crafted packets.
by Nibin
CVE-2009-2254 EXPLOITDB python VERIFIED
Zen Cart <1.3.8a-1.3.8 - SQL Injection
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue.
by BlackH
CVE-2009-2113 EXPLOITDB python VERIFIED
FretsWeb 1.2 - SQL Injection via Name or Hash Parameter
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
by YEnH4ckEr