Michael Messner - Security Researcher - Exploit Intelligence Platform

CVE-2005-2799 METASPLOIT ruby WORKING POC

Linksys WRT54G <4.20.7 - Buffer Overflow

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.

View Code

CVE-2014-8361 METASPLOIT CRITICAL ruby WORKING POC

Realtek SDK - Remote Code Execution

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS 9.8

View Code

CVE-2014-9727 METASPLOIT ruby WORKING POC

AVM Fritz!Box - Remote Command Execution via var:lang Parameter

AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

View Code

CVE-2013-7389 METASPLOIT ruby WORKING POC

D-Link DIR-645 < 1.04B11 - Cross-Site Scripting via Parental Controls Bind Parameter

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.

View Code

CVE-2015-2797 METASPLOIT ruby WORKING POC

AirTies Air Firmware < 1.0.2.0 - Remote Code Execution via Long Redirect Parameter

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

View Code

CVE-2014-8361 METASPLOIT CRITICAL ruby WORKING POC

Realtek SDK - Remote Code Execution

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS 9.8

View Code

CVE-2014-100005 METASPLOIT HIGH ruby WORKING POC

D-Link DIR-600 Firmware < 2.16ww - Cross-Site Request Forgery via hedwig.cgi, pigwidgeon.cgi, or diagnostic.php

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator account or (2) enable remote management via a crafted configuration module to hedwig.cgi, (3) activate new configuration settings via a SETCFG,SAVE,ACTIVATE action to pigwidgeon.cgi, or (4) send a ping via a ping action to diagnostic.php.

CVSS 8.0

View Code

CVE-2014-1635 METASPLOIT ruby WORKING POC

Belkin N750 Router <F9K1103_WW_1.10.17m - Buffer Overflow

Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter.

View Code

CVE-2013-7389 METASPLOIT ruby WORKING POC

D-Link DIR-645 < 1.04B11 - Cross-Site Scripting via Parental Controls Bind Parameter

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.

View Code

CVE-2025-34125 METASPLOIT CRITICAL ruby WORKING POC

D-Link DSP-W110A1 <1.05B01 - Command Injection

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary commands on the underlying Linux operating system. Successful exploitation enables full system compromise.

View Code

EIP-2026-114782 EXPLOITDB ruby WORKING POC

D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)

View Code

CVE-2014-8361 EXPLOITDB CRITICAL ruby WORKING POC

Realtek SDK - Remote Code Execution

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS 9.8

View Code

CVE-2015-1187 EXPLOITDB CRITICAL ruby WORKING POC

D-Link Routers - Remote Code Execution via ping.ccp

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.

CVSS 9.8

View Code

CVE-2013-3307 EXPLOITDB HIGH text WORKING POC

Linksys E1000/E1200/E3200 - Command Injection

Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

CVSS 8.3

View Code

CVE-2013-2679 EXPLOITDB MEDIUM text WORKING POC

Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.

CVSS 6.1

View Code

CVE-2013-2678 EXPLOITDB HIGH text WORKING POC

Cisco Linksys E4200 1.0.05 - Code Injection

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.

CVSS 8.1

View Code

EIP-2026-101836 EXPLOITDB text WORKING POC

Linksys WAG200G - Multiple Vulnerabilities

View Code

CVE-2013-2678 EXPLOITDB HIGH text WORKING POC

Cisco Linksys E4200 1.0.05 - Code Injection

Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.

CVSS 8.1

View Code

EIP-2026-101689 EXPLOITDB text WRITEUP

Edimax EW-7206-APg and EW-7209APg - Multiple Vulnerabilities

View Code

EIP-2026-101649 EXPLOITDB text WRITEUP

D-Link DSL-320B - Multiple Vulnerabilities

View Code

EIP-2026-101630 EXPLOITDB text WRITEUP

D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities

View Code

EIP-2026-101613 EXPLOITDB text WRITEUP

D-Link - Multiple Vulnerabilities

View Code

EIP-2026-101614 EXPLOITDB text WRITEUP

D-Link - OS-Command Injection via UPnP Interface

View Code

CVE-2012-6276 EXPLOITDB text WRITEUP

TP-LINK TL-WR841N Firmware 3.13.9 build 120201 Rel.54965n - Path Traversal via URL Parameter

Directory traversal vulnerability in the web-based management interface on the TP-LINK TL-WR841N router with firmware 3.13.9 build 120201 Rel.54965n and earlier allows remote attackers to read arbitrary files via the URL parameter.

View Code

EIP-2026-101905 EXPLOITDB text WRITEUP

OpenPLI 3.0 Beta (OpenPLi-beta-dm7000-20130127-272) - Multiple Vulnerabilities

View Code