SivertPL

11 exploits Active since Feb 2017
CVE-2021-27889 EXPLOITDB MEDIUM javascript WORKING POC
MyBB < 1.8.26 - Cross-Site Scripting via Nested Auto URL Message Parsing
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS 6.1
CVE-2017-6366 EXPLOITDB HIGH html WORKING POC
NETGEAR DGN2200 Firmware 10.0.0.20-10.0.0.50 - Cross-Site Request Forgery via DNS Lookup
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
CVSS 8.8
CVE-2017-6334 METASPLOIT HIGH ruby WORKING POC
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-8311 EXPLOITDB HIGH python WORKING POC
VideoLAN VLC < 2.2.5 - Heap-Based Buffer Overflow via Crafted Subtitles File
Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVSS 7.8
CVE-2021-27890 EXPLOITDB HIGH javascript WORKING POC
MyBB < 1.8.26 - SQL Injection via Theme XML File Properties
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
CVSS 8.8
CVE-2021-27946 EXPLOITDB HIGH text WORKING POC
MyBB < 1.8.26 - SQL Injection via Poll Vote Count
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
CVSS 8.8
EIP-2026-101865 EXPLOITDB python WORKING POC
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
CVE-2017-6334 EXPLOITDB HIGH html WORKING POC
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-6077 EXPLOITDB CRITICAL python WORKING POC
NETGEAR DGN2200 Firmware < 10.0.0.50 - Authenticated OS Command Injection via ping_IPAddr Parameter
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
CVSS 9.8
CVE-2017-6334 EXPLOITDB HIGH python WORKING POC
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-6334 EXPLOITDB HIGH ruby WORKING POC
NETGEAR DGN2200 Series Firmware <= 10.0.0.50 - Authenticated OS Command Injection via dnslookup.cgi host_name Parameter
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8