Python Exploits

5,798 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107621 EXPLOITDB python VERIFIED
Hospital Management System 4.0 - Authentication Bypass
by Metin Yunus Kandemir
CVE-2019-16278 EXPLOITDB CRITICAL python VERIFIED
Nostromo nhttpd <1.9.6 - RCE
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
by Kr0ff
CVSS 9.8
EIP-2026-114133 EXPLOITDB python
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
by Raphael Karger
CVE-2019-25321 EXPLOITDB CRITICAL python
FTP Navigator 8.03 - RCE
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by boku
CVSS 9.8
CVE-2019-25319 EXPLOITDB CRITICAL python
Domain Quester Pro 6.02 - RCE
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
by boku
CVSS 9.8
CVE-2019-25318 EXPLOITDB HIGH python
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by boku
CVSS 8.8
CVE-2019-25328 EXPLOITDB HIGH python
XnConvert 1.82 - DoS
XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash.
by Gokkulraj
CVSS 7.5
CVE-2019-25327 EXPLOITDB CRITICAL python
Prime95 <29.8 build 6 - RCE
Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110.
by stresser
CVSS 9.8
CVE-2019-25330 EXPLOITDB HIGH python
SurfOffline Professional 2.2.0.103 - Buffer Overflow
SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to trigger a denial of service condition and overwrite SEH registers.
by Chris Inzinga
CVSS 7.5
CVE-2019-25329 EXPLOITDB HIGH python
FTP Navigator 8.03 - DoS
FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can generate a payload of 4108 'A' characters followed by 4 'B' characters and 40 'C' characters to trigger a program crash when pasted into the custom command input.
by Chris Inzinga
CVSS 7.5
CVE-2019-25321 EXPLOITDB CRITICAL python
FTP Navigator 8.03 - RCE
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
by Chris Inzinga
CVSS 9.8
CVE-2019-25331 EXPLOITDB HIGH python
AVS Audio Converter 9.1 - Buffer Overflow
AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code.
by ZwX
CVSS 8.4
CVE-2019-25318 EXPLOITDB HIGH python
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
by ZwX
CVSS 8.8
EIP-2026-116625 EXPLOITDB python
XnView 2.49.1 - 'Research' Denial of Service (PoC)
by ZwX
EIP-2026-104686 EXPLOITDB python
WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service
by roddux
EIP-2026-101866 EXPLOITDB python
Netgear R6400 - Remote Code Execution
by Kevin Randall
EIP-2026-100658 EXPLOITDB python
NopCommerce 4.2.0 - Privilege Escalation
by Alessandro Magnosi
CVE-2019-25332 EXPLOITDB HIGH python
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
by boku
CVSS 8.4
EIP-2026-104322 EXPLOITDB python
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
by mr_me
CVE-2019-25334 EXPLOITDB MEDIUM python
Product Key Explorer 4.2.0.0 - Buffer Overflow
Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.
by SajjadBnd
CVSS 6.2
EIP-2026-116097 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
EIP-2026-116096 EXPLOITDB python
Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
CVE-2019-20049 EXPLOITDB CRITICAL python
Al-enterprise Omnivista 4760 - Remote Code Execution
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices. A remote unauthenticated attacker can chain a directory traversal (which helps to bypass authentication) with an insecure file upload to achieve Remote Code Execution as SYSTEM. The directory traversal is in the __construct() whereas the insecure file upload is in SetSkinImages().
by 0x1911
CVSS 9.8
CVE-2019-20048 EXPLOITDB HIGH python
Al-enterprise Omnivista 8770 < 4.1.12 - Unrestricted File Upload
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM.
by 0x1911
CVSS 7.2
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by Kirill Nikolaev
CVSS 8.4
By Source
All 5,798 Exploitdb 50,130 Writeup 46,953 Nomisec 21,249 Metasploit 3,221 Github 2,386 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,952 python 5,798 c 3,565 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 85 go 45 postscript 25 xml 24