boku

45 exploits Active since Jan 2018
CVE-2020-37221 EXPLOITDB HIGH python WORKING POC
Atomic Alarm Clock 6.3 Stack Overflow via SEH Unicode
Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling overwrite and encoded shellcode to bypass SafeSEH protections and execute arbitrary commands with application privileges.
CVSS 8.4
CVE-2020-37177 EXPLOITDB HIGH python WORKING POC
BOOTP Turbo 2.0 - Denial of Service via SEH Overwrite
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.
CVSS 7.5
CVE-2020-37176 EXPLOITDB CRITICAL python WORKING POC
Torrent 3GP Converter 1.51 - Stack-based Buffer Overflow via Registration Dialog
Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.
CVSS 9.8
CVE-2020-37160 EXPLOITDB MEDIUM text WORKING POC
SprintWork 2.3.1 - Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access.
CVSS 6.2
CVE-2020-37159 EXPLOITDB CRITICAL python WORKING POC
Parallaxis Cuckoo Clock 5.0 - Buffer Overflow
Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite EIP and EBP, enabling shellcode execution with potential remote code execution.
CVSS 9.8
CVE-2020-37126 EXPLOITDB CRITICAL python WORKING POC
Free Desktop Clock 3.0 - Buffer Overflow
Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can exploit the vulnerability by crafting a malicious Unicode input that triggers an access violation and potentially execute arbitrary code.
CVSS 9.8
CVE-2020-37100 EXPLOITDB HIGH text WRITEUP
Sync Breeze Enterprise 12.4.18 - Code Injection
Sync Breeze Enterprise 12.4.18 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service startup process.
CVSS 7.8
CVE-2020-37099 EXPLOITDB HIGH text WRITEUP
Disk Savvy Enterprise 12.3.18 - Code Injection
Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Savvy Enterprise\bin\disksvs.exe' to inject malicious executables and escalate privileges.
CVSS 7.8
CVE-2020-37098 EXPLOITDB HIGH text WRITEUP
Disk Sorter Enterprise <12.4.16 - Code Injection
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVSS 7.8
CVE-2021-47870 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS My SMTP Contact Plugin 1.1.2 - XSS
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. This allows attackers to inject arbitrary client-side code that executes in the administrator's browser when visiting a malicious page.
CVSS 5.4
CVE-2021-47860 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS Custom JS Plugin 0.1 - CSRF leading to XSS and RCE
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a malicious website that triggers a cross-site scripting payload to execute remote code on the hosting server when an authenticated administrator visits the page.
CVSS 5.3
CVE-2021-47830 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CVSS 6.5
CVE-2021-47830 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CVSS 6.5
CVE-2020-37063 EXPLOITDB HIGH text WRITEUP
TFTP Turbo 4.6.1273 - Unquoted Service Path Privilege Escalation
TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.
CVSS 7.8
CVE-2020-37062 EXPLOITDB HIGH text WRITEUP
DHCP Turbo 4.61298 - Unquoted Service Path Privilege Escalation
DHCP Turbo 4.61298 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers can place malicious executables in the service path to gain elevated privileges when the service starts.
CVSS 7.8
CVE-2020-37061 EXPLOITDB HIGH text WRITEUP
BOOTP Turbo 2.0.1214 - Privilege Escalation
BOOTP Turbo 2.0.1214 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted executable path to inject malicious code that will be executed when the service starts with LocalSystem permissions.
CVSS 7.8
CVE-2020-37060 EXPLOITDB HIGH text WORKING POC
Atomic Alarm Clock 6.3 - Privilege Escalation
Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit the unquoted service path by placing a malicious executable named 'Program.exe' to gain persistent system-level access.
CVSS 7.8
CVE-2020-37043 EXPLOITDB CRITICAL python WORKING POC
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow
10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands.
CVSS 9.8
CVE-2020-37021 EXPLOITDB HIGH text WRITEUP
10-Strike Bandwidth Monitor 3.9 - Privilege Escalation
10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup.
CVSS 7.8
CVE-2021-47778 EXPLOITDB HIGH python WORKING POC
GetSimple CMS My SMTP Contact Plugin <1.1.2 - Code Injection
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.
CVSS 7.2
CVE-2020-23837 EXPLOITDB HIGH text WORKING POC
GetSimple CMS Multi User 1.8.2 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
CVSS 8.8
CVE-2020-23836 EXPLOITDB HIGH text WORKING POC
OSWAPP Warehouse Inventory System < 2020-08-10 - Cross-Site Request Forgery in edit_user.php
A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site.
CVSS 8.8
CVE-2020-23834 EXPLOITDB HIGH text WORKING POC
Real Time Logic BarracudaDrive <6.5 - Privilege Escalation
Insecure Service File Permissions in the bd service in Real Time Logic BarracudaDrive v6.5 allow local attackers to escalate privileges to admin by replacing the %SYSTEMDRIVE%\bd\bd.exe file. When the computer next starts, the new bd.exe will be run as LocalSystem.
CVSS 8.8
CVE-2020-23830 EXPLOITDB HIGH text WORKING POC
SourceCodester Stock Management System <v1.0 - CSRF
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
CVSS 7.1
CVE-2020-23829 EXPLOITDB HIGH text WORKING POC
LibreHealth EHR <2.0.0 - Authenticated RCE
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
CVSS 8.8