Momen Eldawakhly (Cyber Guy)

7 exploits Active since Dec 2021
CVE-2022-31885 EXPLOITDB CRITICAL text WORKING POC
Marval MSM v14.19.0.12476 - OS Command Injection via VBScript Handling
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
CVSS 9.8
CVE-2021-45814 EXPLOITDB CRITICAL text WORKING POC
Nettmp NNT 5.1 - SQL Injection
Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.
CVSS 9.8
CVE-2021-45043 EXPLOITDB HIGH text WORKING POC
HD-Network Real-time Monitoring System 2.0 - Path Traversal via Language Parameter
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter.
CVSS 7.5
CVE-2021-46419 EXPLOITDB CRITICAL text WORKING POC
Telesquare TLR-2855KS6 - Info Disclosure
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.
CVSS 9.1
CVE-2023-27826 EXPLOITDB HIGH python WORKING POC
SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function.
CVSS 8.8
CVE-2021-46416 EXPLOITDB HIGH text WORKING POC
SUNNY TRIPOWER 5.0 - Info Disclosure
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.
CVSS 8.1
CVE-2021-46381 EXPLOITDB HIGH text WORKING POC
D-Link DAP-1620 Firmware - Path Traversal and Unauthorized File Read
Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].
CVSS 7.5