Rew

9 exploits Active since Jun 2007
CVE-2025-34037 EXPLOITDB CRITICAL php WORKING POC
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm  in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
CVE-2025-34037 METASPLOIT CRITICAL ruby WORKING POC
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm  in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
EIP-2026-118951 EXPLOITDB html WORKING POC
Netcraft Toolbar 1.8.1 - Remote Code Execution
EIP-2026-118676 EXPLOITDB html WORKING POC
ImageShack Toolbar 4.8.3.75 - Remote Code Execution
EIP-2026-118067 EXPLOITDB html WORKING POC
Viscom VideoEdit Gold ActiveX 8.0 - Code Execution
CVE-2007-3068 EXPLOITDB php WORKING POC
DVD X Player 4.1 Professional - Stack-Based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
EIP-2026-116757 EXPLOITDB text WORKING POC
Alice 2.2 - Arbitrary Code Execution
CVE-2010-3306 EXPLOITDB text WORKING POC
Weborf < 0.12.3 - Path Traversal via URI ..%2f Sequences
Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.
EIP-2026-102612 EXPLOITDB text WORKING POC
GNU InetUtils 1.8-1 - FTP Client Heap Overflow