Momen Eldawakhly

18 exploits Active since Dec 2021
CVE-2025-13911 WRITEUP MEDIUM WRITEUP
Ignition SCADA - Privilege Escalation
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issue lies in the Ignition service account having system permissions beyond what an Ignition privileged user requires. When an authenticated administrator uploads a malicious project file containing Python scripts with bind shell capabilities, the application executes these scripts with the same privileges as the Ignition Gateway process, which typically runs with SYSTEM-level permissions on Windows. Alternative code execution patterns could lead to similar results.
CVSS 6.4
CVE-2022-36642 EXPLOITDB CRITICAL text WORKING POC
Omnia MPX Node Firmware < 1.5.0 - Unauthenticated Local File Disclosure via /appConfig/userDB.json
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability.
CVSS 9.8
CVE-2022-50926 EXPLOITDB CRITICAL text WORKING POC
WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' parameters to elevate from ordinary user to administrative privileges without authentication.
CVSS 9.8
CVE-2022-31885 EXPLOITDB CRITICAL text WORKING POC
Marval MSM v14.19.0.12476 - OS Command Injection via VBScript Handling
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVSS 9.8
CVE-2022-31886 EXPLOITDB MEDIUM text WORKING POC
Marval MSM v14.19.0.12476 - Cross-Site Request Forgery via 2FA Disable Form
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.
CVSS 6.5
CVE-2022-30286 EXPLOITDB HIGH text WORKING POC
PyScript <2022-05-04 - Info Disclosure
pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
CVSS 7.5
CVE-2021-45425 EXPLOITDB MEDIUM text WORKING POC
SAFARI Montage 8.3 and 8.5 - Reflected Cross-Site Scripting
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.
CVSS 6.1
CVE-2021-45814 EXPLOITDB CRITICAL text WORKING POC
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CVSS 9.8
CVE-2021-46387 EXPLOITDB MEDIUM text WORKING POC
ZyXEL ZyWALL 2 Plus Internet Security Appliance Firmware - Cross-Site Scripting via Insecure URI Handling
ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.
CVSS 6.1
CVE-2021-45043 EXPLOITDB HIGH text WORKING POC
HD-Network Real-time Monitoring System 2.0 - Path Traversal via Language Parameter
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
CVSS 7.5
CVE-2021-46417 EXPLOITDB HIGH text WORKING POC
Franklin Fueling Systems Colibri Controller Module 1.8.19.8580 - Path Traversal
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.
CVSS 7.5
CVE-2021-46418 EXPLOITDB HIGH text WORKING POC
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.
CVSS 7.5
CVE-2021-46416 EXPLOITDB HIGH text WORKING POC
SUNNY TRIPOWER 5.0 - Info Disclosure
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
CVSS 8.1
CVE-2023-1934 EXPLOITDB CRITICAL text WORKING POC
PnPSCADA - Unauthenticated SQL Injection via hitlogcsv.jsp Endpoint
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.
CVSS 9.8
CVE-2021-46419 EXPLOITDB CRITICAL text WORKING POC
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
CVSS 9.1
CVE-2023-27826 EXPLOITDB HIGH python WORKING POC
SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.
CVSS 8.8
CVE-2021-46381 EXPLOITDB HIGH text WORKING POC
D-Link DAP-1620 Firmware - Path Traversal and Unauthorized File Read
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
CVSS 7.5
CVE-2022-35583 EXPLOITDB CRITICAL text WORKING POC
wkhtmltopdf 0.12.6 - Server-Side Request Forgery via iframe Source
wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.
CVSS 9.8