Python Exploits

5,798 exploits tracked across all sources.

CVE-2019-20047 EXPLOITDB HIGH python
Al-enterprise Omnivista 4760 - Insufficiently Protected Credentials
An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and 8770 devices before 4.1.2. An incorrect web server configuration allows a remote unauthenticated attacker to retrieve the content of its own session files. Every session file contains the administrative LDAP credentials encoded in a reversible format. Sessions are stored in /sessions/sess_<sessionid>.
by 0x1911
CVSS 7.5
CVE-2019-17270 EXPLOITDB CRITICAL python
Yachtcontrol < 2019-10-06 - OS Command Injection
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and the results returned to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telcos.
by Hodorsec
CVSS 9.8
EIP-2026-101061 EXPLOITDB python
Omron PLC 1.0.0 - Denial of Service (PoC)
by n0b0dy
CVE-2019-16702 EXPLOITDB CRITICAL python
Integard Pro 2.2.0.9026 - Buffer Overflow
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.
by purpl3f0xsecur1ty
CVSS 9.8
CVE-2019-15627 EXPLOITDB HIGH python VERIFIED
Trendmicro Deep Security - Symlink Following
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
by Peter Lapp
CVSS 7.1
CVE-2018-9022 EXPLOITDB CRITICAL python VERIFIED
Broadcom Privileged Access Manager - Improper Privilege Management
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
by Peter Lapp
CVSS 9.8
EIP-2026-116783 EXPLOITDB python
Anviz CrossChex 4.3.12 - Local Buffer Overflow
by Luis Catarino
EIP-2026-116782 EXPLOITDB python
Anviz CrossChex 4.3.12 - Local Buffer Overflow
by Luis Catarino
EIP-2026-115976 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
by SajjadBnd
EIP-2026-115975 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
by SajjadBnd
EIP-2026-115974 EXPLOITDB python
Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)
by SajjadBnd
EIP-2026-116301 EXPLOITDB python
SpotAuditor 5.3.2 - 'Name' Denial of Service
by ZwX
EIP-2026-116300 EXPLOITDB python
SpotAuditor 5.3.2 - 'Name' Denial of Service
by ZwX
EIP-2026-116299 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
EIP-2026-116298 EXPLOITDB python
SpotAuditor 5.3.2 - 'Key' Denial of Service
by ZwX
CVE-2019-25339 EXPLOITDB HIGH python
GHIA CamIP 1.2 - DoS
GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated characters into the password field to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
CVE-2017-12945 EXPLOITDB HIGH python
Mersive Solstice Firmware < 2.8.4 - OS Command Injection
Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.
by Alexandre Teyar
CVSS 8.8
CVE-2019-25340 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - DoS
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows attackers to crash the application by supplying an oversized buffer. Attackers can generate a malformed input file with 2000 repeated characters to trigger an application crash when pasted into the Base64 Encrypted Password field.
by ZwX
CVSS 7.5
CVE-2019-25336 EXPLOITDB HIGH python
SpotAuditor 5.3.2 - Buffer Overflow
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that allows attackers to execute arbitrary code by crafting a malicious payload. Attackers can generate a specially crafted Base64 encoded payload to trigger a Structured Exception Handler (SEH) overwrite and execute shellcode on the vulnerable system.
by ZwX
CVSS 8.4
EIP-2026-115639 EXPLOITDB python
Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
by ZwX
CVE-2019-25341 EXPLOITDB HIGH python
iNetTools for iOS 8.20 - DoS
iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.
by Ivan Marmolejo
CVSS 7.5
EIP-2026-115433 EXPLOITDB python
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
by chuyreds
CVE-2019-19489 EXPLOITDB MEDIUM python
SMPlayer 19.5.0 - Buffer Overflow
SMPlayer 19.5.0 has a buffer overflow via a long .m3u file.
by Malav Vyas
CVSS 5.5
EIP-2026-115447 EXPLOITDB python
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
by chuyreds
CVE-2019-25350 EXPLOITDB HIGH python
XMedia Recode 3.4.8.6 - DoS
XMedia Recode 3.4.8.6 contains a denial of service vulnerability that allows attackers to crash the application by loading a specially crafted .m3u playlist file. Attackers can create a malicious .m3u file with an oversized buffer to trigger an application crash when the file is opened.
by ZwX
CVSS 7.5