bzyo

68 exploits, active since Mar 2014
CVE-2018-10326 WRITEUP MEDIUM WRITEUP
PrinterOn Enterprise 4.1.3 - Authenticated XSS
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.
CVSS 5.4
CVE-2018-10327 WRITEUP HIGH WRITEUP
PrinterOn Enterprise 4.1.3 - Info Disclosure
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
CVSS 7.0
CVE-2020-12715 WRITEUP HIGH WRITEUP
RainbowFish PacsOne Server 6.8.4 - Privilege Escalation
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
CVSS 8.8
CVE-2020-12869 WRITEUP MEDIUM WRITEUP
RainbowFish PacsOne Server 6.8.4 - XSS
RainbowFish PacsOne Server 6.8.4 allows XSS.
CVSS 5.4
CVE-2020-12870 WRITEUP CRITICAL WRITEUP
RainbowFish PacsOne Server 6.8.4 - SQL Injection
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.
CVSS 9.8
CVE-2022-23345 WRITEUP HIGH WRITEUP
Bigantsoft Bigant Server - Missing Authentication
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
CVSS 7.5
CVE-2022-23346 WRITEUP HIGH WRITEUP
Bigantsoft Bigant Server - Unrestricted File Upload
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
CVSS 8.8
CVE-2022-23347 WRITEUP HIGH WRITEUP
Bigantsoft Bigant Server - Path Traversal
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
CVSS 7.5
CVE-2022-23348 WRITEUP MEDIUM WRITEUP
BigAnt Server <5.6.06 - Info Disclosure
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
CVSS 5.3
CVE-2022-23349 WRITEUP HIGH WRITEUP
Bigantsoft Bigant Server - CSRF
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
CVSS 8.8
CVE-2022-23350 WRITEUP MEDIUM WRITEUP
Bigantsoft Bigant Server - XSS
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVSS 5.4
CVE-2022-23352 WRITEUP HIGH WRITEUP
Bigantsoft Bigant Server - Infinite Loop
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
CVSS 7.5
CVE-2022-26281 WRITEUP HIGH WRITEUP
BigAnt Server <5.6.06 - Info Disclosure
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
CVSS 7.5
CVE-2025-34078 EXPLOITDB HIGH text WORKING POC
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
CVSS 7.8
CVE-2020-37120 EXPLOITDB CRITICAL python WORKING POC
Rubo DICOM Viewer 2.0 - Buffer Overflow
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite the Structured Exception Handler (SEH). Attackers can craft a malicious text file with a carefully constructed payload to execute arbitrary code by overwriting the SEH and triggering remote code execution.
CVSS 9.8
CVE-2020-37009 EXPLOITDB HIGH python WORKING POC
MedDream PACS Server 6.8.3.751 - Authenticated RCE
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system commands with elevated privileges.
CVSS 8.8
CVE-2018-19936 EXPLOITDB MEDIUM text WRITEUP
PrinterOn Enterprise 4.1.4 - Info Disclosure
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
CVSS 6.5
CVE-2018-10078 EXPLOITDB MEDIUM text WORKING POC
Geist WatchDog Console 3.2.2 - XSS
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
CVSS 4.8
CVE-2018-10077 EXPLOITDB MEDIUM text WORKING POC
Geist WatchDog Console 3.2.2 - Info Disclosure
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
CVSS 4.9
CVE-2025-34078 METASPLOIT HIGH ruby WORKING POC
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
CVSS 7.8
CVE-2014-2206 METASPLOIT ruby WORKING POC
GetGo Download Manager <4.9.0.1982 - Buffer Overflow
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
EIP-2026-119649 EXPLOITDB python WORKING POC
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
EIP-2026-119650 EXPLOITDB python WORKING POC
R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
CVE-2018-10763 EXPLOITDB MEDIUM text WRITEUP
Synametrics Synaman - XSS
Multiple cross-site scripting (XSS) vulnerabilities exist in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.
CVSS 4.8
EIP-2026-119648 EXPLOITDB python WORKING POC
R 3.4.4 (Windows 10 x64) - Buffer Overflow (DEP/ASLR Bypass)