Brian Rodriguez

19 exploits Active since Jan 2026
CVE-2020-36930 EXPLOITDB HIGH text WRITEUP
SysGauge Server 7.9.18 - Code Injection
SysGauge Server 7.9.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\SysGauge Server\bin\sysgaus.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2020-36929 EXPLOITDB HIGH text WRITEUP
Brother BRPrint Auditor 3.0.7 - Code Injection
Brother BRPrint Auditor 3.0.7 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted file paths in BrAuSvc and BRPA_Agent services to inject malicious executables and escalate privileges on the system.
CVSS 7.8
CVE-2020-36928 EXPLOITDB HIGH text WRITEUP
Brother BRAgent 1.38 - Code Injection
Brother BRAgent 1.38 contains an unquoted service path vulnerability in the WBA_Agent_Client service running with LocalSystem privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Brother\BRAgent\ to inject and execute malicious code with elevated system permissions.
CVSS 7.8
CVE-2021-47887 EXPLOITDB HIGH text WRITEUP
OKI Print Job Accounting 4.4.10 - Local Privilege Escalation
OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Print Job Accounting\' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47886 EXPLOITDB HIGH text WRITEUP
Pingzapper 2.3.1 - Code Injection
Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47884 EXPLOITDB HIGH text WRITEUP
OKI Configuration Tool 1.6.53 - Code Injection
OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47877 EXPLOITDB HIGH python WORKING POC
GeoGebra Graphing Calculator <6.0.631.0 - DoS
GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive.
CVSS 7.5
CVE-2021-47876 EXPLOITDB HIGH python WORKING POC
GeoGebra Classic <5.0.631.0-d - DoS
GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash.
CVSS 7.5
CVE-2021-47875 EXPLOITDB CRITICAL python WORKING POC
GeoGebra CAS Calculator <6.0.631.0 - DoS
GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash.
CVSS 9.8
CVE-2021-47818 EXPLOITDB HIGH python WORKING POC
DupTerminator <1.4.5639.37199 - DoS
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
CVSS 7.5
CVE-2021-47810 EXPLOITDB HIGH text WRITEUP
WibuKey Runtime 6.51 - Code Injection
WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47807 EXPLOITDB HIGH text WRITEUP
Sync Breeze 13.6.18 - Code Injection
Sync Breeze 13.6.18 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries located in 'Program Files' directories to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47806 EXPLOITDB HIGH text WRITEUP
Dup Scout 13.5.28 - Code Injection
Dup Scout 13.5.28 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Dup Scout Server\bin\dupscts.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2021-47805 EXPLOITDB HIGH text WRITEUP
Disk Savvy 13.6.14 - Code Injection
Disk Savvy 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in service binaries to inject malicious executables that will be run with elevated LocalSystem privileges.
CVSS 7.8
CVE-2021-47767 EXPLOITDB HIGH text WRITEUP
10-strike Network Inventory Explorer - Privilege Escalation
10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path segments to achieve privilege escalation and execute code with system-level permissions.
CVSS 7.8
CVE-2020-36927 EXPLOITDB HIGH text WRITEUP
DiskPulse Enterprise 13.6.14 - Code Injection
DiskPulse Enterprise 13.6.14 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Pulse Enterprise\bin\diskpls.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
EIP-2026-118006 EXPLOITDB text WRITEUP
Tftpd64 4.64 - 'Tftpd32_svc' Unquoted Service Path
EIP-2026-118086 EXPLOITDB text WRITEUP
VX Search 13.5.28 - 'Multiple' Unquoted Service Path
EIP-2026-117897 EXPLOITDB text WRITEUP
SAPSprint 7.60 - 'SAPSprint' Unquoted Service Path