bzyo

61 exploits Active since Mar 2014
CVE-2018-25360 EXPLOITDB HIGH python WORKING POC
AgataSoft Auto PingMaster 1.5 Buffer Overflow SEH
AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructions that overwrite the SEH handler pointer to achieve code execution when the file contents are pasted into the application.
CVSS 8.4
CVE-2018-25359 EXPLOITDB HIGH text WORKING POC
Splinterware System Scheduler Pro 5.12 Privilege Escalation
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious executable that executes with LocalSystem privileges when the service is triggered.
CVSS 8.4
CVE-2018-25265 EXPLOITDB HIGH python WORKING POC
LanSpy 2.0.1.159 Local Buffer Overflow
LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious payloads using egghunter techniques to locate and execute shellcode, triggering code execution through SEH chain manipulation and controlled jumps.
CVSS 8.4
CVE-2018-25261 EXPLOITDB HIGH python WORKING POC
Iperius Backup 5.8.1 Local Buffer Overflow SEH
Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the external file location field that triggers a buffer overflow when the backup job executes, enabling code execution with application privileges.
CVSS 8.4
CVE-2018-25260 EXPLOITDB HIGH python WORKING POC
MAGIX Music Editor 3.1 Buffer Overflow via SEH
MAGIX Music Editor 3.1 contains a buffer overflow vulnerability in the FreeDB Proxy Options dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload, paste it into the Server field via the CD menu's FreeDB Proxy Options, and trigger code execution when settings are accepted.
CVSS 8.4
CVE-2018-25259 EXPLOITDB HIGH python WORKING POC
Terminal Services Manager 3.1 Buffer Overflow SEH
Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard.
CVSS 8.4
CVE-2019-25691 EXPLOITDB HIGH python WORKING POC
Faleemi Desktop Software 1.8 Local Buffer Overflow SEH DEP Bypass
Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can inject a crafted payload into the Save Path for Snapshot and Record file field to trigger a buffer overflow and execute arbitrary code via ROP chain gadgets.
CVSS 8.4
CVE-2018-25258 EXPLOITDB HIGH python WORKING POC
RGui 3.5.0 Local Buffer Overflow SEH DEP Bypass
RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution.
CVSS 8.4
CVE-2019-25608 EXPLOITDB HIGH text WORKING POC
Iperius Backup 6.1.0 Privilege Escalation via Backup Job
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enabling privilege escalation and arbitrary code execution.
CVSS 8.4
CVE-2019-25485 EXPLOITDB MEDIUM python WORKING POC
R 3.4.4 Windows x64 - Buffer Overflow
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menus preference to trigger a structured exception handler chain pivot and execute arbitrary shellcode with application privileges.
CVSS 6.2
CVE-2018-10326 WRITEUP MEDIUM WRITEUP
PrinterOn Enterprise 4.1.3 - Authenticated XSS
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.
CVSS 5.4
CVE-2018-10327 WRITEUP HIGH WRITEUP
PrinterOn Enterprise 4.1.3 - Info Disclosure
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
CVSS 7.0
CVE-2020-12715 WRITEUP HIGH WRITEUP
RainbowFish PacsOne Server 6.8.4 - Privilege Escalation
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
CVSS 8.8
CVE-2020-12869 WRITEUP MEDIUM WRITEUP
RainbowFish PacsOne Server 6.8.4 - XSS
RainbowFish PacsOne Server 6.8.4 allows XSS.
CVSS 5.4
CVE-2020-12870 WRITEUP CRITICAL WRITEUP
RainbowFish PacsOne Server 6.8.4 - SQL Injection
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
CVSS 9.8
CVE-2022-23345 WRITEUP HIGH WRITEUP
BigAnt Server 5.6.06 - Missing Authentication for Critical Function
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
CVSS 7.5
CVE-2022-23346 WRITEUP HIGH WRITEUP
BigAnt Server 5.6.06 - Unrestricted Upload of File with Dangerous Type
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
CVSS 8.8
CVE-2022-23347 WRITEUP HIGH WRITEUP
BigAnt Server 5.6.06 - Path Traversal
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
CVSS 7.5
CVE-2022-23348 WRITEUP MEDIUM WRITEUP
BigAnt Server <5.6.06 - Info Disclosure
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
CVSS 5.3
CVE-2022-23349 WRITEUP HIGH WRITEUP
BigAnt Server 5.6.06 - Cross-Site Request Forgery
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS 8.8
CVE-2022-23350 WRITEUP MEDIUM WRITEUP
BigAnt Server 5.6.06 - Cross-Site Scripting
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS 5.4
CVE-2022-23352 WRITEUP HIGH WRITEUP
BigAnt Server 5.6.06 - Denial of Service via Infinite Loop
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
CVSS 7.5
CVE-2022-26281 WRITEUP HIGH WRITEUP
BigAnt Server <5.6.06 - Info Disclosure
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVSS 7.5
CVE-2025-34078 EXPLOITDB HIGH text WORKING POC
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
CVSS 7.8
CVE-2020-37120 EXPLOITDB CRITICAL python WORKING POC
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by overwriting SEH and triggering remote code execution.
CVSS 9.8