Luis Martinez

54 exploits Active since Dec 2025
CVE-2019-25712 EXPLOITDB MEDIUM python WORKING POC
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
CVSS 6.2
CVE-2019-25711 EXPLOITDB MEDIUM python WORKING POC
SpotFTP Password Recover 2.4.2 Denial of Service via Name Field
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
CVSS 6.2
CVE-2019-25349 EXPLOITDB HIGH python WORKING POC
ScadaApp iOS 1.1.4.0 - DoS
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices.
CVSS 7.5
CVE-2022-50932 EXPLOITDB HIGH text WORKING POC
Kyocera Command Center RX ECOSYS M2035dn - Path Traversal
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
CVSS 7.5
CVE-2022-50930 EXPLOITDB HIGH text WRITEUP
Emerson PAC Machine Edition 9.80 - Privilege Escalation
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-50904 EXPLOITDB HIGH text WRITEUP
Wondershare UBackit 2.0.5 - Code Injection
Wondershare UBackit 2.0.5 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the wsbackup service to inject malicious executables that would run with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-50903 EXPLOITDB HIGH text WRITEUP
Wondershare MobileTrans 3.5.9 - Privilege Escalation
Wondershare MobileTrans 3.5.9 contains an unquoted service path vulnerability in the ElevationService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted path by placing malicious executables in specific filesystem locations that will be executed with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-50902 EXPLOITDB HIGH text WRITEUP
Wondershare FamiSafe 1.0 - Code Injection
Wondershare FamiSafe 1.0 contains an unquoted service path vulnerability in the FSService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\FamiSafe\ to inject malicious code that would run with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-50901 EXPLOITDB HIGH text WRITEUP
Wondershare Dr.Fone 11.4.9 - Code Injection
Wondershare Dr.Fone 11.4.9 contains an unquoted service path vulnerability in the DFWSIDService that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone\ to inject malicious executables that would run with LocalSystem privileges.
CVSS 8.4
CVE-2023-54337 EXPLOITDB CRITICAL text WORKING POC
Sysax Multi Server - Denial of Service
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
CVSS 9.1
CVE-2023-54336 EXPLOITDB HIGH text WRITEUP
Mediconta 3.7.27 - Privilege Escalation
Mediconta 3.7.27 contains an unquoted service path vulnerability in the servermedicontservice that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\medicont3\ to inject malicious code that would execute with LocalSystem permissions during service startup.
CVSS 8.4
CVE-2022-50690 EXPLOITDB HIGH text WRITEUP
Wondershare MirrorGo 2.0.11.346 - Privilege Escalation
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.
CVSS 8.4
CVE-2022-50689 EXPLOITDB MEDIUM python WORKING POC
Cobian Reflector 0.9.93 RC1 - DoS
Cobian Reflector 0.9.93 RC1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the password input field. Attackers can paste a large 8000-byte buffer into the password field to trigger an application crash during SFTP task configuration.
CVSS 6.2
CVE-2022-50688 EXPLOITDB HIGH text WRITEUP
Cobian Backup Gravity 11.2.0.582 - Code Injection
Cobian Backup Gravity 11.2.0.582 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the CobianBackup11 service to inject malicious code that would execute with LocalSystem privileges during service startup.
CVSS 8.4
CVE-2022-50687 EXPLOITDB MEDIUM python WORKING POC
Cobian Backup 11 Gravity 11.2.0.582 - DoS
Cobian Backup 11 Gravity 11.2.0.582 contains a denial of service vulnerability in the FTP password input field that allows attackers to crash the application. Attackers can generate a specially crafted 800-byte buffer and paste it into the password field to trigger an application crash.
CVSS 5.5
CVE-2021-47880 EXPLOITDB HIGH text WRITEUP
Realtek Wireless LAN Utility 700.1631 - Privilege Escalation
Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot.
CVSS 7.8
CVE-2021-47879 EXPLOITDB HIGH text WRITEUP
eBeam Interactive Suite 3.6 - Privilege Escalation
eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions.
CVSS 7.8
CVE-2021-47878 EXPLOITDB HIGH text WRITEUP
eBeam Education Suite 2.5.0.9 - Code Injection
eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup.
CVSS 7.8
CVE-2021-47827 EXPLOITDB HIGH python WORKING POC
WebSSH for iOS <14.16.10 - DoS
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash.
CVSS 7.5
CVE-2020-37017 EXPLOITDB HIGH text WRITEUP
CodeMeter 6.60 - Privilege Escalation
CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions.
CVSS 7.8
CVE-2020-36995 EXPLOITDB HIGH python WORKING POC
Mocha Telnet Lite for iOS 4.2 - DoS
Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.
CVSS 7.5
CVE-2020-36994 EXPLOITDB MEDIUM python WORKING POC
QlikView 12.50.20000.0 - DoS
QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer into the FTP server address field to trigger an application crash and prevent normal functionality.
CVSS 6.2
CVE-2019-25276 EXPLOITDB HIGH text WRITEUP
Studio 5000 Logix Designer 30.01.00 - Privilege Escalation
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
CVSS 7.8
EIP-2026-119634 EXPLOITDB python WORKING POC
InduSoft Web Studio 8.1 SP1 - 'Tag Name' Buffer Overflow (SEH)
EIP-2026-119599 EXPLOITDB python WORKING POC
NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)