Raki Ben Hamouda - Security Researcher - Exploit Intelligence Platform

CVE-2019-20501 EXPLOITDB HIGH text WORKING POC

D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Firmware Upgrade Parameters

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Upgrade Firmware functionality in the Web interface, using shell metacharacters in the admin.cgi?action=upgrade firmwareRestore or firmwareServerip parameter.

CVSS 7.8

View Code

CVE-2019-20500 EXPLOITDB HIGH text WORKING POC

D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Save Configuration

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

CVSS 7.8

View Code

CVE-2019-20499 METASPLOIT HIGH ruby WORKING POC

D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Config Restore

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.

CVSS 7.8

View Code

EIP-2026-102435 EXPLOITDB text WORKING POC

WSO2 3.1.0 - Persistent Cross-Site Scripting

View Code

EIP-2026-102434 EXPLOITDB text WORKING POC

WSO2 3.1.0 - Arbitrary File Delete

View Code

CVE-2019-20499 EXPLOITDB HIGH text WORKING POC

D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Config Restore

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.

CVSS 7.8

View Code

CVE-2020-10173 EXPLOITDB HIGH text WORKING POC

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m - OS Command Injection via ping.cgi

Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Injection vulnerabilities via the ping and traceroute diagnostic pages, as demonstrated by shell metacharacters in the pingIpAddress parameter to ping.cgi.

CVSS 8.8

View Code

CVE-2019-20499 EXPLOITDB HIGH ruby WORKING POC

D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Config Restore

D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS command injection vulnerability via the Restore Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_restore configRestore or configServerip parameter.

CVSS 7.8

View Code