Patryk Bogdan

12 exploits, active since Dec 2015
CVE-2017-3132 EXPLOITDB MEDIUM text WORKING POC
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the action input during the activation of a FortiToken.
CVSS 6.1
CVE-2017-3131 EXPLOITDB MEDIUM text WORKING POC
Fortinet Fortios - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
CVSS 5.4
CVE-2016-1336 EXPLOITDB HIGH text WORKING POC
Cisco EPC3928 - DoS
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
CVSS 7.5
CVE-2016-1328 EXPLOITDB HIGH text WORKING POC
Cisco EPC3928 - DoS
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
CVSS 7.5
CVE-2015-6402 EXPLOITDB text WORKING POC
Cisco Epc3928 Docsis 3.0 8x4 Wireless... - XSS
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
CVE-2015-6401 EXPLOITDB text WORKING POC
Cisco Epc3928 Docsis 3.0 8x4 Wireless... - Authentication Bypass
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
CVE-2017-3133 EXPLOITDB MEDIUM text WORKING POC
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
CVSS 6.1
CVE-2018-10822 EXPLOITDB HIGH WORKING POC
Dlink Dwr-116 Firmware < 1.06 - Path Traversal
Directory traversal vulnerability in the web interface on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 devices allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-6190.
CVSS 7.5
CVE-2017-6190 EXPLOITDB HIGH text WORKING POC
Dlink Dwr-116 Firmware - Path Traversal
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
CVSS 7.5
CVE-2017-7588 EXPLOITDB CRITICAL php WORKING POC
Brother Devices - Auth Bypass
On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW, MFC-J4420DW, MFC-8710DW, MFC-J4620DW, MFC-L8850CDW, MFC-J3720, MFC-J6520DW, MFC-L2740DW, MFC-J5910DW, MFC-J6920DW, MFC-L2700DW, MFC-9130CW, MFC-9330CDW, MFC-9340CDW, MFC-J5620DW, MFC-J6720DW, MFC-L8600CDW, MFC-L9550CDW, MFC-L2720DW, DCP-L2540DW, DCP-L2520DW, HL-3140CW, HL-3170CDW, HL-3180CDW, HL-L8350CDW, HL-L2380DW, ADS-2500W, ADS-1000W, ADS-1500W.
CVSS 9.8
EIP-2026-100199 EXPLOITDB text WORKING POC
Cisco EPC 3925 - Multiple Vulnerabilities
CVE-2016-1337 EXPLOITDB HIGH text WORKING POC
Cisco EPC3928 - Info Disclosure
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
CVSS 8.1