Erick Galindo

12 exploits Active since Jan 2026
CVE-2021-47845 EXPLOITDB HIGH text WRITEUP
Spy Emergency 25.0.650 - Privilege Escalation
Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code during system startup or service restart.
CVSS 7.8
CVE-2021-47833 EXPLOITDB HIGH text WRITEUP
WifiHotSpot 1.0.0.0 - Code Injection
WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in its WifiHotSpotService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions.
CVSS 7.8
CVE-2021-47831 EXPLOITDB HIGH python WORKING POC
Sandboxie 5.49.7 - DoS
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
CVSS 7.5
CVE-2021-47829 EXPLOITDB HIGH text WRITEUP
DHCP Broadband 4.1.0.1503 - Code Injection
DHCP Broadband 4.1.0.1503 contains an unquoted service path vulnerability in its service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files\DHCP Broadband 4\dhcpt.exe' to inject malicious code that will execute during service startup with LocalSystem permissions.
CVSS 7.8
CVE-2021-47828 EXPLOITDB HIGH text WRITEUP
BOOTP Turbo <2.0.0.1253 - Code Injection
BOOTP Turbo 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot.
CVSS 7.8
CVE-2021-47822 EXPLOITDB HIGH text WRITEUP
DiskBoss Service 12.2.18 - Privilege Escalation
DiskBoss Service 12.2.18 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup.
CVSS 7.8
CVE-2021-47815 EXPLOITDB HIGH python WORKING POC
Nsasoft Nsauditor - Buffer Overflow
Nsauditor 3.2.3 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can paste a large buffer of 256 repeated characters into the 'Key' field to trigger an application crash.
CVSS 7.5
CVE-2021-47814 EXPLOITDB HIGH python WORKING POC
Nsasoft Nbmonitor - Buffer Overflow
NBMonitor 1.6.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a 256-character buffer into the registration key field to trigger an application crash and potential system instability.
CVSS 7.5
CVE-2021-47813 EXPLOITDB HIGH python WORKING POC
Backup Key Recovery <2.2.7 - DoS
Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer of 256 repeated characters into the registration key field to trigger application instability and potential crash.
CVSS 7.5
EIP-2026-118003 EXPLOITDB text WRITEUP
TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path
EIP-2026-117890 EXPLOITDB text WRITEUP
Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path
EIP-2026-117849 EXPLOITDB text WRITEUP
RealTimes Desktop Service 18.1.4 - 'rpdsvc.exe' Unquoted Service Path