Jeroen - IT Nerdbox

14 exploits Active since Dec 2013
CVE-2017-14507 EXPLOITDB CRITICAL text WRITEUP
Content Timeline plugin 4.4.2 - SQL Injection
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.
CVSS 9.8
CVE-2013-7319 EXPLOITDB text WRITEUP
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
EIP-2026-107396 EXPLOITDB text WORKING POC
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
CVE-2013-6922 EXPLOITDB text WORKING POC
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
CVE-2013-6923 EXPLOITDB text WORKING POC
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Cross-Site Scripting via fullname or workname Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.
CVE-2013-6924 EXPLOITDB CRITICAL text WORKING POC
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Remote Command Execution via backupmgt/getAlias.php ip Parameter
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
CVSS 9.8
CVE-2014-1677 EXPLOITDB HIGH text WORKING POC
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
CVSS 7.5
CVE-2013-6976 EXPLOITDB text WORKING POC
Cisco EPC3925 - Cross-Site Request Forgery via Quick Setup Password Change
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
CVE-2014-0620 EXPLOITDB text WORKING POC
Technicolor TC7200 STD6.01.12 - Cross-Site Scripting via ADDNewDomain or VmTracerouteHost Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
EIP-2026-102084 EXPLOITDB text WORKING POC
Ubee EVW3200 - Cross-Site Request Forgery
EIP-2026-102085 EXPLOITDB text WORKING POC
Ubee EVW3200 - Multiple Persistent Cross-Site Scripting Vulnerabilities
CVE-2014-0621 EXPLOITDB text WRITEUP
Technicolor TC7200 STD6.01.12 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
CVE-2013-6976 EXPLOITDB text WORKING POC
Cisco EPC3925 - Cross-Site Request Forgery via Quick Setup Password Change
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
CVE-2013-6924 EXPLOITDB CRITICAL php WORKING POC
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Remote Command Execution via backupmgt/getAlias.php ip Parameter
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
CVSS 9.8