Matteo Malvica

15 exploits Active since Feb 2018
CVE-2020-17382 NOMISEC HIGH WORKING POC
MSI AmbientLink MsIo64 driver 1.0.0.8 - Buffer Overflow
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
115 stars
CVSS 7.8
CVE-2020-5752 NOMISEC HIGH WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
4 stars
CVSS 7.8
CVE-2018-25383 EXPLOITDB HIGH python WORKING POC
Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass
Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Convert function, enabling execution of arbitrary code through ROP chain gadgets and shellcode injection.
CVSS 8.4
CVE-2018-25366 EXPLOITDB HIGH python WORKING POC
CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortcut is created and launched.
CVSS 8.4
CVE-2019-25679 EXPLOITDB HIGH python WORKING POC
RealTerm Serial Terminal 2.0.0.70 Buffer Overflow SEH
RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked.
CVSS 7.8
CVE-2020-5752 METASPLOIT HIGH ruby WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
EIP-2026-119438 EXPLOITDB python WORKING POC
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor / Custom Binary)
CVE-2018-6892 EXPLOITDB CRITICAL python WORKING POC
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS 9.8
EIP-2026-117858 EXPLOITDB python WORKING POC
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
EIP-2026-117859 EXPLOITDB python WORKING POC
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
CVE-2020-17382 EXPLOITDB HIGH c WORKING POC
MSI AmbientLink MsIo64 driver 1.0.0.8 - Buffer Overflow
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
CVSS 7.8
EIP-2026-116788 EXPLOITDB python WORKING POC
AnyBurn 4.3 - Local Buffer Overflow (SEH)
CVE-2020-5752 EXPLOITDB HIGH powershell WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
CVE-2020-5752 EXPLOITDB HIGH text WORKING POC
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVSS 7.8
EIP-2026-116787 EXPLOITDB python WORKING POC
AnyBurn 4.3 - Local Buffer Overflow (SEH)