Karn Ganeshen

53 exploits. Active since Feb 2010.
CVE-2017-5255 METASPLOIT HIGH ruby WORKING POC
Cambium Networks ePMP <3.5 - Command Injection
In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitization for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a specially-crafted POST request to the get_chart function and run OS-level commands, effectively as root.
CVSS 8.8
EIP-2026-119239 EXPLOITDB python WORKING POC
UPlusFTP Server 1.7.1.01 - (Authenticated) HTTP Remote Buffer Overflow
EIP-2026-119214 EXPLOITDB python WORKING POC
TFTP Server 1.4 - 'WRQ' Remote Buffer Overflow (Egghunter)
EIP-2026-118482 EXPLOITDB python WORKING POC
EasyFTP Server 1.7.0.11 - 'LIST' (Authenticated) Remote Buffer Overflow
EIP-2026-118485 EXPLOITDB python WORKING POC
EasyFTP Server 1.7.0.11 - 'MKD' (Authenticated) Remote Buffer Overflow
EIP-2026-117662 EXPLOITDB text WRITEUP
mySCADAPro 7 - Local Privilege Escalation
EIP-2026-117468 EXPLOITDB python WORKING POC
Mediacoder 0.8.43.5852 - '.m3u' (SEH)
EIP-2026-116999 EXPLOITDB python WORKING POC
CoolPlayer+ Portable 2.19.6 - '.m3u' File Stack Overflow (Egghunter + ASLR Bypass)
EIP-2026-115374 EXPLOITDB python WORKING POC
Halliburton LogView Pro 9.7.5 - '.cgm' / '.tif' / '.tiff' / '.tifh' Crash (PoC)
EIP-2026-114781 EXPLOITDB ruby WORKING POC
Cambium ePMP1000 - 'ping' Shell via Command Injection (Metasploit)
CVE-2015-8284 EXPLOITDB HIGH text WORKING POC
SeaWell Networks Spectrum SDC <2.05.00 - Privilege Escalation
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVSS 8.8
EIP-2026-105853 EXPLOITDB text WRITEUP
CIMA DocuClass ECM - Multiple Vulnerabilities
CVE-2016-2296 EXPLOITDB CRITICAL ruby WORKING POC
Meteocontrol Web'log Basic 100 - Security Feature Bypass
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited do not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVSS 9.4
EIP-2026-103910 EXPLOITDB text WORKING POC
Google Chrome 2.0.172 - 'chrome://history/' URI Cross-Site Scripting
CVE-2015-8703 EXPLOITDB MEDIUM text WRITEUP
ZTE ZXHN H108N R1A Firmware - Information Disclosure
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 W300 devices W300V1.0.0f_ER1_PE allow remote authenticated users to bypass intended access restrictions, and discover credentials and keys, by reading the configuration file, a different vulnerability than CVE-2015-7248.
CVSS 6.5
CVE-2015-6018 EXPLOITDB CRITICAL text WORKING POC
ZyXEL PMG5318-B20A <1.00(AANC.2)C0 - RCE
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
CVSS 9.8
CVE-2015-7259 EXPLOITDB HIGH text WRITEUP
ZTE ZXV10 W300 Firmware - Credentials Management
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to log in to a target account via any of its username and password pairs.
CVSS 8.8
CVE-2015-4040 EXPLOITDB text WORKING POC
F5 Enterprise Manager < 11.6.0 - Path Traversal
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
EIP-2026-101929 EXPLOITDB text WRITEUP
PROLiNK H5004NK ADSL Wireless Modem - Multiple Vulnerabilities
EIP-2026-101888 EXPLOITDB text WRITEUP
netis RealTek Wireless Router / ADSL Modem - Multiple Vulnerabilities
EIP-2026-101872 EXPLOITDB text WRITEUP
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
CVE-2016-0862 EXPLOITDB MEDIUM text WORKING POC
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
CVSS 6.5
CVE-2015-7247 EXPLOITDB CRITICAL text WRITEUP
D-Link DVG-N5402SP Firmware - Information Disclosure
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
CVSS 9.8
CVE-2016-2278 EXPLOITDB HIGH text WRITEUP
Schneider-electric Struxureware Build... - Improper Access Control
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
CVSS 7.2
CVE-2010-0607 EXPLOITDB text WORKING POC
Sterlitetechnologies Sam300 AX Router - XSS
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.