Python Exploits

5,770 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25232 EXPLOITDB CRITICAL python
NetPCLinker 1.0.0.0 - Buffer Overflow
NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in the DNS/IP input to overwrite SEH handlers and execute shellcode when adding a new client.
by Saeed reza Zamanian
CVSS 9.8
EIP-2026-104447 EXPLOITDB python
Sophos VPN Web Panel 2020 - Denial of Service (Poc)
by Berk KIRAS
CVE-2020-37031 EXPLOITDB HIGH python
Simple Startup Manager 1.17 - Buffer Overflow
Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft a malicious payload with 268 bytes to trigger code execution, bypassing DEP and overwriting memory addresses to launch calc.exe.
by PovlTekstTV
CVSS 8.4
CVE-2019-16116 EXPLOITDB MEDIUM python
EnterpriseDT CompleteFTP Server <12.1.3 - Info Disclosure
EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.
by 1F98D
CVSS 4.3
CVE-2020-37027 EXPLOITDB CRITICAL python
Sickbeard alpha - Command Injection
Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the vulnerable Sickbeard installation.
by bdrake
CVSS 9.8
EIP-2026-115250 EXPLOITDB python
Fire Web Server 0.1 - Remote Denial of Service (PoC)
by Saeed reza Zamanian
EIP-2026-114614 EXPLOITDB python
ZenTao Pro 8.8.2 - Command Injection
by Daniel Monzón
CVE-2020-37036 EXPLOITDB HIGH python
RM Downloader 2.50.60 - Buffer Overflow
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
by Paras Bhatia
CVSS 8.4
CVE-2020-37038 EXPLOITDB HIGH python
Code Blocks 20.03 - DoS
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
by Paras Bhatia
CVSS 7.5
EIP-2026-112449 EXPLOITDB python
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
by Enesdex
CVE-2020-37040 EXPLOITDB HIGH python
Code Blocks 17.12 - Buffer Overflow
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
by Paras Bhatia
CVSS 8.4
CVE-2020-5515 EXPLOITDB HIGH python
Gila CMS 1.11.8 - SQL Injection
Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.
by BillyV4
CVSS 7.2
CVE-2020-12712 EXPLOITDB HIGH python
SOS JobScheduler <1.13 - Info Disclosure
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
by Sander Ubink
CVSS 7.5
EIP-2026-101868 EXPLOITDB python
Netgear R7000 Router - Remote Code Execution
by grimm-co
EIP-2026-104437 EXPLOITDB python
SmarterMail 16 - Arbitrary File Upload
by vvhack.org
CVE-2020-37042 EXPLOITDB HIGH python
Frigate Professional 3.36.0.9 - Buffer Overflow
Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field. Attackers can craft a malicious payload that triggers a buffer overflow, enabling code execution and launching calculator as a proof of concept.
by Paras Bhatia
CVSS 8.4
CVE-2020-37043 EXPLOITDB CRITICAL python
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
by boku
CVSS 9.8
EIP-2026-103921 EXPLOITDB python
HFS Http File Server 2.3m Build 300 - Buffer Overflow (PoC)
by hyp3rlinx
CVE-2019-16113 EXPLOITDB HIGH python
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
by Luis Vacacas
CVSS 8.8
CVE-2020-37050 EXPLOITDB CRITICAL python
Quick Player 1.3 - Buffer Overflow
Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger the vulnerability by loading a specially crafted file through the application's file loading mechanism, potentially enabling remote code execution.
by Felipe Winsnes
CVSS 9.8
CVE-2020-37049 EXPLOITDB HIGH python
Frigate 3.36.0.9 - Buffer Overflow
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence.
by Paras Bhatia
CVSS 8.4
CVE-2020-37051 EXPLOITDB HIGH python
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate user password characters.
by Gus Ralph
CVSS 8.2
CVE-2020-37053 EXPLOITDB HIGH python
Navigate CMS 2.8.7 - Authenticated SQL Injection
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the vulnerability to extract user activation keys by using time-based blind SQL injection techniques, potentially enabling password reset for administrative accounts.
by Gus Ralph
CVSS 7.1
CVE-2020-37052 EXPLOITDB CRITICAL python
AirControl 1.4.2 - RCE
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
by 0xd0ff9
CVSS 9.8
CVE-2020-36910 EXPLOITDB HIGH python
Cayin Signage Media Player 3.0 - Command Injection
Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.
by LiquidWorm
CVSS 8.8
By Source
All 5,770 Exploitdb 50,130 Writeup 46,870 Nomisec 21,221 Metasploit 3,189 Github 2,316 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,920 python 5,770 c 3,560 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 74 go 43 postscript 25 xml 24