SecuriTeam

56 exploits, active since Nov 2000
CVE-2017-14335 EXPLOITDB HIGH WORKING POC
Beijing Hanbang Hanbanggaoke - Info Disclosure
On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.
CVSS 7.5
CVE-2017-11456 EXPLOITDB HIGH WORKING POC
Geneko GWR - Path Traversal
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.
CVSS 7.5
CVE-2017-11502 EXPLOITDB CRITICAL WORKING POC
Technicolor DPC3928AD - Info Disclosure
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
CVSS 9.8
CVE-2017-17761 EXPLOITDB CRITICAL WRITEUP
Ichano AtHome IP Camera - Command Injection
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response.
CVSS 9.8
CVE-2018-5347 EXPLOITDB CRITICAL WORKING POC
Seagate Media Server - Command Injection
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVSS 9.8
EIP-2026-100907 EXPLOITDB python WORKING POC
Synology StorageManager 5.2 - Root Remote Command Execution