Bobby Cooke

13 exploits Active since Jun 2020
CVE-2020-37126 EXPLOITDB CRITICAL python WORKING POC
Free Desktop Clock 3.0 - Buffer Overflow
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and can potentially execute arbitrary code.
CVSS 9.8
CVE-2020-37043 EXPLOITDB CRITICAL python WORKING POC
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
CVSS 9.8
CVE-2020-37021 EXPLOITDB HIGH text WRITEUP
10-Strike Bandwidth Monitor 3.9 - Privilege Escalation
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
CVSS 7.8
CVE-2020-23830 EXPLOITDB HIGH text WORKING POC
SourceCodester Stock Management System <v1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
CVSS 7.1
CVE-2020-23829 EXPLOITDB HIGH text WORKING POC
LibreHealth EHR <2.0.0 - Authenticated RCE
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
CVSS 8.8
CVE-2020-23828 EXPLOITDB CRITICAL python WORKING POC
SourceCodester Online Course Registration v1.0 - RCE
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
CVSS 9.8
CVE-2020-24193 EXPLOITDB CRITICAL text WORKING POC
Sourcecodetester Daily Tracker System 1.0 - SQL Injection
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows an unauthenticated user to bypass authentication with SQL injection via the email parameter.
CVSS 9.8
CVE-2020-14972 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
CVSS 9.8
EIP-2026-116831 EXPLOITDB python WORKING POC
Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)
EIP-2026-110171 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
EIP-2026-110170 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Authentication Bypass
EIP-2026-107541 EXPLOITDB python WORKING POC
Gym Management System 1.0 - Unauthenticated Remote Code Execution
EIP-2026-105820 EXPLOITDB text WORKING POC
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting