boku

45 exploits Active since Jan 2018
CVE-2018-6892 EXPLOITDB CRITICAL python WORKING POC
Cloudme Sync < 1.10.9 - Memory Corruption
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS 9.8
CVE-2020-14972 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Pisay Online E-Learning System 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the edit-lessons webpages.
CVSS 9.8
CVE-2019-25332 EXPLOITDB HIGH python WORKING POC
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
CVSS 8.4
CVE-2019-25321 EXPLOITDB CRITICAL python WORKING POC
FTP Navigator 8.03 - RCE
FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload that triggers a buffer overflow when pasted into the Custom Command textbox, enabling remote code execution and launching the calculator as proof of concept.
CVSS 9.8
CVE-2019-25319 EXPLOITDB CRITICAL python WORKING POC
Domain Quester Pro 6.02 - RCE
Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation and execute a bind shell on port 9999.
CVSS 9.8
CVE-2019-25318 EXPLOITDB HIGH python WORKING POC
AVS Audio Converter <9.1.2.600 - Code Injection
AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button is clicked.
CVSS 8.8
CVE-2017-1000475 EXPLOITDB HIGH text WRITEUP
FreeSSHd <1.3.1 - Privilege Escalation
FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.
CVSS 7.8
EIP-2026-118016 EXPLOITDB python WORKING POC
Torrent iPod Video Converter 1.51 - Stack Overflow
EIP-2026-117722 EXPLOITDB text WORKING POC
OpenTFTP 1.66 - Local Privilege Escalation
EIP-2026-116831 EXPLOITDB python WORKING POC
Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)
EIP-2026-117276 EXPLOITDB text WRITEUP
HomeGuard Pro 9.3.1 - Insecure Folder Permissions
EIP-2026-117202 EXPLOITDB text WRITEUP
freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path
CVE-2020-23835 EXPLOITDB MEDIUM text WORKING POC
SourceCodester Tailor Management System v1.0 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.
CVSS 6.4
EIP-2026-110171 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Persistent Cross-Site Scripting
EIP-2026-110170 EXPLOITDB text WORKING POC
Online Scheduling System 1.0 - Authentication Bypass
EIP-2026-109109 EXPLOITDB python WORKING POC
Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)
EIP-2026-107658 EXPLOITDB text WORKING POC
House Rental 1.0 - 'keywords' SQL Injection
CVE-2020-23839 EXPLOITDB MEDIUM python WORKING POC
GetSimple CMS <3.3.16 - XSS
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows remote attackers to execute JavaScript code in the client's browser and harvest login credentials after a client clicks a link, enters credentials, and submits the login form.
CVSS 6.1
EIP-2026-107541 EXPLOITDB python WORKING POC
Gym Management System 1.0 - Unauthenticated Remote Code Execution
EIP-2026-105820 EXPLOITDB text WORKING POC
ChemInv 1.0 - Authenticated Persistent Cross-Site Scripting