Ismael Nava

19 exploits | Active since Jan 2026
CVE-2022-50935 EXPLOITDB CRITICAL text WRITEUP
Flame II HSPA USB Modem - Privilege Escalation
Flame II HSPA USB Modem contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\Internet Telcel\ApplicationController.exe' to execute arbitrary code with elevated system privileges.
CVSS 9.8
CVE-2023-54338 EXPLOITDB HIGH text WRITEUP
Tftpd32 SE 4.60 - Code Injection
Tftpd32 SE 4.60 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be run with system-level permissions.
CVSS 8.4
CVE-2020-37122 EXPLOITDB HIGH python WORKING POC
SpotFTP-FTP Password Recover <2.4.8 - DoS
SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing a buffer with oversized input. Attackers can create a text file with 1000 'Z' characters and input it as a registration code to trigger the application crash.
CVSS 7.5
CVE-2020-37109 EXPLOITDB HIGH python WORKING POC
aSc TimeTables 2020.11.4 - DoS
aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject title to trigger an application crash and potential instability.
CVSS 7.5
CVE-2020-37107 EXPLOITDB HIGH python WORKING POC
Core FTP LE 2.2 - DoS
Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account field to cause the application to become unresponsive and require reinstallation.
CVSS 7.5
CVE-2021-47896 EXPLOITDB HIGH text WRITEUP
PDF Complete Corporate Edition 4.1.45 - Code Injection
PDF Complete Corporate Edition 4.1.45 contains an unquoted service path vulnerability in the pdfcDispatcher service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service binary location to inject malicious executables that will be run with elevated LocalSystem privileges.
CVSS 7.8
CVE-2021-47895 EXPLOITDB HIGH text WORKING POC
Nsasoft Nsauditor - Resource Allocation Without Limits
Nsauditor 3.2.2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Event Description field with a large buffer. Attackers can generate a 10,000-character 'U' buffer and paste it into the Event Description field to trigger an application crash.
CVSS 7.5
CVE-2021-47894 EXPLOITDB HIGH text WORKING POC
Managed Switch Port Mapping Tool <2.85.2 - DoS
Managed Switch Port Mapping Tool 2.85.2 contains a denial of service vulnerability that allows attackers to crash the application by creating an oversized buffer. Attackers can generate a 10,000-character buffer and paste it into the IP Address and SNMP Community Name fields to trigger the application crash.
CVSS 7.5
CVE-2021-47893 EXPLOITDB HIGH text WORKING POC
AgataSoft PingMaster Pro 2.1 - DoS
AgataSoft PingMaster Pro 2.1 contains a denial of service vulnerability in the Trace Route feature that allows attackers to crash the application by overflowing the host name input field. Attackers can generate a 10,000-character buffer and paste it into the host name field to trigger an application crash and potential system instability.
CVSS 7.5
CVE-2021-47863 EXPLOITDB HIGH text WRITEUP
MacPaw Encrypto 1.0.1 - Code Injection
MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Encrypto\ to inject malicious executables and escalate privileges on Windows systems.
CVSS 7.8
CVE-2021-47824 EXPLOITDB HIGH text WORKING POC
iDailyDiary 4.30 - DoS
iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000-character buffer into the default diary tab name to trigger an application crash.
CVSS 7.5
CVE-2021-47821 EXPLOITDB HIGH python WORKING POC
RarmaRadio 2.72.8 - DoS
RarmaRadio 2.72.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing network configuration fields with large character buffers. Attackers can generate a 100,000-character buffer and paste it into multiple network settings fields to trigger application instability and a potential crash.
CVSS 7.5
CVE-2020-36958 EXPLOITDB HIGH text WRITEUP
Kite 1.2020.1119.0 - Code Injection
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.
CVSS 7.8
CVE-2020-36949 EXPLOITDB HIGH text WORKING POC
TapinRadio 2.13.7 - DoS
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
CVSS 7.5
CVE-2020-36943 EXPLOITDB HIGH text WORKING POC
aSc TimeTables 2021.6.2 - DoS
aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a 10,000-character buffer and paste it into the subject title to trigger application instability and a potential crash.
CVSS 7.5
EIP-2026-119583 EXPLOITDB python WORKING POC
CuteFTP 9.3.0.3 - Denial of Service (PoC)
EIP-2026-118167 EXPLOITDB text WRITEUP
Workspace ONE Intelligent Hub 20.3.8.0 - 'VMware Hub Health Monitoring Service' Unquoted Service Path
EIP-2026-117493 EXPLOITDB text WRITEUP
Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
EIP-2026-116153 EXPLOITDB text WORKING POC
RarmaRadio 2.72.5 - Denial of Service (PoC)