boku

45 exploits Active since Jan 2018
CVE-2020-23828 EXPLOITDB CRITICAL python WORKING POC
SourceCodester Online Course Registration v1.0 - RCE
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
CVSS 9.8
CVE-2018-6892 EXPLOITDB CRITICAL python WORKING POC
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS 9.8
CVE-2020-14972 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
CVSS 9.8
CVE-2019-25332 EXPLOITDB HIGH python WORKING POC
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
CVSS 8.4
CVE-2019-25321 EXPLOITDB CRITICAL python WORKING POC
FTP Navigator 8.03 - Stack-based Buffer Overflow via Custom Command Textbox
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
CVSS 9.8
CVE-2019-25319 EXPLOITDB CRITICAL python WORKING POC
Domain Quester Pro 6.02 - Remote Code Execution via Domain Name Keywords Input
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
CVSS 9.8
CVE-2019-25318 EXPLOITDB HIGH python WORKING POC
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
CVSS 8.8
CVE-2017-1000475 EXPLOITDB HIGH text WRITEUP
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
CVSS 7.8
EIP-2026-118016 EXPLOITDB python WORKING POC
Torrent iPod Video Converter 1.51 - Stack Overflow
EIP-2026-117722 EXPLOITDB text WORKING POC
OpenTFTP 1.66 - Local Privilege Escalation
EIP-2026-117202 EXPLOITDB text WRITEUP
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
EIP-2026-117276 EXPLOITDB text WRITEUP
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
CVE-2020-23835 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Tailor Management System v1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
CVSS 6.4
EIP-2026-110171 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
EIP-2026-110170 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Authentication Bypass
EIP-2026-109109 EXPLOITDB python WORKING POC
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
EIP-2026-107658 EXPLOITDB text WORKING POC
House Rental 1.0 - 'keywords' SQL Injection
CVE-2020-23839 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS 3.3.16 - Reflected Cross-Site Scripting in Login Portal
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
CVSS 6.1
EIP-2026-107541 EXPLOITDB python WORKING POC
Gym Management System 1.0 - Unauthenticated Remote Code Execution
EIP-2026-105820 EXPLOITDB text WORKING POC
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting