Craig Heffner

26 exploits Active since Nov 2006
CVE-2014-125122 EXPLOITDB MEDIUM python WORKING POC
Linksys WRT120N - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
CVE-2014-125117 EXPLOITDB CRITICAL ruby WORKING POC
Dlink Dsp-w215 Firmware - Improper Input Validation
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.
CVSS 9.8
CVE-2012-10021 EXPLOITDB CRITICAL ruby WORKING POC
D-Link DIR-605L Wireless N300 Cloud Router <1.13 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
CVSS 9.8
CVE-2007-1224 EXPLOITDB perl WORKING POC
Grok Developments NetProxy 4.03 - CSRF
Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
CVE-2014-125122 METASPLOIT MEDIUM ruby WORKING POC
Linksys WRT120N - Buffer Overflow
A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
CVE-2012-10021 METASPLOIT CRITICAL ruby WORKING POC
D-Link DIR-605L Wireless N300 Cloud Router <1.13 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage of sprintf() when processing user-supplied CAPTCHA data via the FILECODE parameter in /goform/formLogin. A remote unauthenticated attacker can exploit this to execute arbitrary code with root privileges on the device.
CVSS 9.8
CVE-2014-3936 METASPLOIT ruby WORKING POC
D-Link DSP-W215 <1.01b06 - Buffer Overflow
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
CVE-2014-125117 METASPLOIT CRITICAL ruby WORKING POC
Dlink Dsp-w215 Firmware - Improper Input Validation
A stack-based buffer overflow vulnerability in the my_cgi.cgi component of certain D-Link devices, including the DSP-W215 version 1.02, can be exploited via a specially crafted HTTP POST request to the /common/info.cgi endpoint. This flaw enables an unauthenticated attacker to achieve remote code execution with system-level privileges.
CVSS 9.8
CVE-2013-7389 METASPLOIT ruby WORKING POC
D-Link DIR-645 Router - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2013-7389 METASPLOIT ruby WORKING POC
D-Link DIR-645 Router - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2015-2051 METASPLOIT HIGH ruby WORKING POC
Dlink Dir-645 Firmware < 1.05b01 - Command Injection
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVSS 8.8
CVE-2007-1225 EXPLOITDB perl WORKING POC
Grok Developments NetProxy 4.03 - Info Disclosure
The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
CVE-2006-7133 EXPLOITDB text WRITEUP
Php Upload Tool - Path Traversal
Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename parameter.
CVE-2006-7134 EXPLOITDB text WRITEUP
Noah Spurrier Upload Tool For Php - Unrestricted File Upload
Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6028 EXPLOITDB text WORKING POC
Anton Vlasov Dosepa - Path Traversal
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter.
CVE-2006-5889 EXPLOITDB python WORKING POC
Brewblogger - SQL Injection
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-101657 EXPLOITDB text WRITEUP
D-Link WBR-1310 - Authentication Bypass
EIP-2026-101653 EXPLOITDB text WRITEUP
D-Link Routers - Authentication Bypass (1)
EIP-2026-101215 EXPLOITDB ruby WORKING POC
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
CVE-2013-6027 EXPLOITDB python WORKING POC
Dlink Dir-100 - Memory Corruption
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
EIP-2026-101178 EXPLOITDB text WORKING POC
Belkin F5D8233-4 Wireless N Router (Multiple Scripts) - Authentication Bypass
EIP-2026-101249 EXPLOITDB text WRITEUP
DD-WRT 24-preSP2 - Information Disclosure
CVE-2014-3936 EXPLOITDB ruby WORKING POC
D-Link DSP-W215 <1.01b06 - Buffer Overflow
Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi in D-Link DSP-W215 (Rev. A1) with firmware 1.01b06 and earlier, DIR-505 with firmware before 1.08b10, and DIR-505L with firmware 1.01 and earlier allows remote attackers to execute arbitrary code via a long Content-Length header in a GetDeviceSettings action in an HNAP request.
CVE-2015-2051 EXPLOITDB HIGH ruby WORKING POC
Dlink Dir-645 Firmware < 1.05b01 - Command Injection
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
CVSS 8.8
EIP-2026-101217 EXPLOITDB ruby WORKING POC
D-Link Devices - 'hedwig.cgi' Remote Buffer Overflow in Cookie Header (Metasploit)