Hodorsec

10 exploits Active since Dec 2019
CVE-2019-25686 EXPLOITDB HIGH python WORKING POC
Core FTP 2.0 build 653 PBSZ Unauthenticated Denial of Service
Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.
CVSS 7.5
CVE-2020-37138 EXPLOITDB CRITICAL python WORKING POC
10-Strike Network Inventory Explorer 9.03 - Buffer Overflow
10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious text file with carefully constructed payload to trigger a stack-based buffer overflow and bypass data execution prevention through a ROP chain.
CVSS 9.8
CVE-2020-36947 EXPLOITDB HIGH python WORKING POC
LibreNMS 1.46 - Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve sensitive database contents through time-based blind SQL injection.
CVSS 7.1
CVE-2019-17270 EXPLOITDB CRITICAL python WORKING POC
Yachtcontrol < 2019-10-06 - OS Command Injection
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command={COMMAND}" page and parameter, where {COMMAND} will be executed and returning the results to the client. Affects Yachtcontrol webservers disclosed via Dutch GPRS/4G mobile IP-ranges. IP addresses vary due to DHCP client leasing of telco's.
CVSS 9.8
EIP-2026-119512 EXPLOITDB python WORKING POC
Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
EIP-2026-116752 EXPLOITDB python WORKING POC
AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)
EIP-2026-116689 EXPLOITDB python WORKING POC
10Strike LANState 9.32 - 'Force Check' Buffer Overflow (SEH)
EIP-2026-104242 EXPLOITDB python WORKING POC
ERPNext 12.14.0 - SQL Injection (Authenticated)
CVE-2020-14008 EXPLOITDB HIGH python WORKING POC
Zohocorp Manageengine Applications Manager - Unrestricted File Upload
Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution.
CVSS 7.2
EIP-2026-101954 EXPLOITDB text WRITEUP
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials