Roberto Paleari

27 exploits Active since Nov 2012
CVE-2015-8780 WRITEUP MEDIUM WORKING POC
Samsung Kies < 2015-10-30 - Path Traversal via Kies Restore
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
CVSS 6.4
CVE-2016-2036 WRITEUP MEDIUM WRITEUP
Samsung kernel - Null Pointer Dereference
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
CVSS 5.5
CVE-2016-2565 WRITEUP LOW WRITEUP
Samsung Galaxy S6 Firmware - Unauthorized Sent Email Exposure via SecEmailSync
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.
CVSS 3.3
CVE-2016-2566 WRITEUP CRITICAL WRITEUP
Samsung Galaxy S6 Firmware - SQL Injection in SecEmailSync
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVSS 9.8
CVE-2016-2567 WRITEUP LOW WRITEUP
Samsung Galaxy S6 and Note 3 Firmware - URL Filter Bypass via Query String Exceptional URL
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.
CVSS 3.3
CVE-2016-4030 WRITEUP MEDIUM WRITEUP
Samsung Galaxy S6, Note 3, S4 mini, S4 mini LTE, S4 - Unauthenticated Modem Access via USB Configuration
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.
CVSS 6.8
CVE-2016-4031 WRITEUP MEDIUM WRITEUP
Samsung Devices - Command Injection
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301.
CVSS 6.8
CVE-2016-4032 WRITEUP MEDIUM WRITEUP
Samsung Galaxy S6, Note 3, S4 mini, S4 mini LTE, S4 - Improper Access Control via AT Command Injection
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301.
CVSS 4.6
CVE-2024-12847 EXPLOITDB CRITICAL text WRITEUP
NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
CVSS 9.8
CVE-2013-3317 EXPLOITDB CRITICAL text WORKING POC
Netgear WNR1000v3 <1.0.2.60 - Auth Bypass
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key.
CVSS 9.8
CVE-2013-3316 EXPLOITDB CRITICAL text WORKING POC
Netgear WNR1000v3 <1.0.2.60 - Auth Bypass
Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass due to the server skipping checks for URLs containing a ".jpg".
CVSS 9.8
CVE-2013-4630 EXPLOITDB text WORKING POC
Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
CVE-2012-5863 EXPLOITDB text WRITEUP
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Authenticated OS Command Injection
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
CVE-2012-5862 EXPLOITDB text WRITEUP
Sinapsi eSolar, eSolar DUO, eSolar Light and sinapsi_firmware < 2.0.2870 - Use of Hard-coded Password
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
CVE-2012-5861 EXPLOITDB text WRITEUP
Sinapsi eSolar, eSolar DUO, and eSolar Light < 2.0.2870_xxx_2.2.12 - Unauthenticated SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
CVE-2013-7389 METASPLOIT ruby WORKING POC
D-Link DIR-645 < 1.04B11 - Cross-Site Scripting via Parental Controls Bind Parameter
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2013-7389 METASPLOIT ruby WORKING POC
D-Link DIR-645 < 1.04B11 - Cross-Site Scripting via Parental Controls Bind Parameter
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2012-5864 EXPLOITDB text WRITEUP
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Unauthenticated Administrative Access
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
EIP-2026-101620 EXPLOITDB text WRITEUP
D-Link DCS Cameras - Multiple Vulnerabilities
EIP-2026-102006 EXPLOITDB text WRITEUP
Sitecom N300/N600 Devices - Multiple Vulnerabilities
CVE-2013-7389 EXPLOITDB text WORKING POC
D-Link DIR-645 < 1.04B11 - Cross-Site Scripting via Parental Controls Bind Parameter
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
EIP-2026-101564 EXPLOITDB text WRITEUP
BigPond 3G21WB - Multiple Vulnerabilities
EIP-2026-101215 EXPLOITDB ruby WORKING POC
D-Link Devices - 'Authentication.cgi' Remote Buffer Overflow (Metasploit)
CVE-2012-4960 EXPLOITDB python WORKING POC
Huawei Various - Path Traversal
The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, NE20, ME60, CX600, CX200, CX300, ACU, WLAN AC 6605, S9300, S7700, S2300, S3300, S5300, S3300HI, S5300HI, S5306, S6300, S2700, S3700, S5700, S6700, AR G3, H3C AR(OEM IN), AR 19, AR 29, AR 49, Eudemon100E, Eudemon200, Eudemon300, Eudemon500, Eudemon1000, Eudemon1000E-U/USG5300, Eudemon1000E-X/USG5500, Eudemon8080E/USG9300, Eudemon8160E/USG9300, Eudemon8000E-X/USG9500, E200E-C/USG2200, E200E-X3/USG2200, E200E-X5/USG2200, E200E-X7/USG2200, E200E-C/USG5100, E200E-X3/USG5100, E200E-X5/USG5100, E200E-X7/USG5100, E200E-B/USG2100, E200E-X1/USG2100, E200E-X2/USG2100, SVN5300, SVN2000, SVN5000, SVN3000, NIP100, NIP200, NIP1000, NIP2100, NIP2200, and NIP5100 use the DES algorithm for stored passwords, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
EIP-2026-101247 EXPLOITDB text WRITEUP
D-Link ShareCenter Products - Multiple Remote Code Execution Vulnerabilities