SivertPL

11 exploits Active since Feb 2017
CVE-2021-27889 EXPLOITDB MEDIUM javascript WORKING POC
MyBB <1.8.26 - XSS
Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages.
CVSS 6.1
CVE-2017-6366 EXPLOITDB HIGH html WORKING POC
Netgear Dgn2200 Firmware < 10.0.0.50 - CSRF
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely.
CVSS 8.8
CVE-2017-6334 METASPLOIT HIGH ruby WORKING POC
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-8311 EXPLOITDB HIGH python WORKING POC
Videolan Vlc Media Player < 2.2.4 - Memory Corruption
Potential heap-based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to execute arbitrary code via a crafted subtitles file.
CVSS 7.8
CVE-2021-27890 EXPLOITDB HIGH javascript WORKING POC
MyBB <1.8.26 - SQL Injection
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
CVSS 8.8
CVE-2021-27946 EXPLOITDB HIGH text WORKING POC
MyBB <1.8.26 - SQL Injection
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
CVSS 8.8
EIP-2026-101865 EXPLOITDB python WORKING POC
Netgear DGN2200v1 - Remote Command Execution (RCE) (Unauthenticated)
CVE-2017-6334 EXPLOITDB HIGH html WORKING POC
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-6077 EXPLOITDB CRITICAL python WORKING POC
Netgear Dgn2200 Firmware < 10.0.0.50 - OS Command Injection
ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping_IPAddr field of an HTTP POST request.
CVSS 9.8
CVE-2017-6334 EXPLOITDB HIGH python WORKING POC
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8
CVE-2017-6334 EXPLOITDB HIGH ruby WORKING POC
Netgear Dgn2200 Series Firmware < 10.0.0.50 - OS Command Injection
dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077.
CVSS 8.8