Todor Donev

84 exploits Active since Jan 2011
CVE-2013-0229 EXPLOITDB perl WORKING POC
Miniupnpd < 1.3 - Denial of Service
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
CVE-2025-34048 EXPLOITDB bash WORKING POC
D-Link DSL-2730U/2750U/2750E - Path Traversal
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
CVE-2020-37157 EXPLOITDB HIGH perl WORKING POC
DBPower C300 HD Camera - Info Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
CVSS 7.5
CVE-2020-37146 EXPLOITDB HIGH perl WORKING POC
ACE Security WiP-90113 HD Camera - Info Disclosure
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
CVSS 7.5
CVE-2020-36871 EXPLOITDB perl WORKING POC
ESCAM QD-900 WIFI HD - Info Disclosure
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
CVE-2018-10080 EXPLOITDB HIGH bash WORKING POC
Secutech RiS-11, RiS-22, RiS-33 <5.07.52_es_FRI01 - CSRF
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
CVSS 8.6
CVE-2012-1024 EXPLOITDB perl WORKING POC
Enigma2 Webinterface <1.5 - Path Traversal
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2010-3847 EXPLOITDB ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2010-3856 METASPLOIT ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
EIP-2026-117584 EXPLOITDB WORKING POC
Microsoft Windows XP - 'tskill' Local Privilege Escalation
EIP-2026-115817 EXPLOITDB perl WORKING POC
Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service
EIP-2026-115103 EXPLOITDB perl WORKING POC
Counter-Strike 1.6 - 'GameInfo' Query Reflection Denial of Service (PoC)
EIP-2026-114757 EXPLOITDB c WORKING POC
SunOS 5.11 ICMP - Denial of Service
EIP-2026-114567 EXPLOITDB perl WORKING POC
Zabbix 4.4 - Authentication Bypass
EIP-2026-113505 EXPLOITDB perl WORKING POC
WordPress Core 5.2.3 - Cross-Site Host Modification
EIP-2026-113996 EXPLOITDB text WRITEUP
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-104640 EXPLOITDB perl WORKING POC
Opencart < 3.0.2.0 - Denial of Service
EIP-2026-104639 EXPLOITDB bash WORKING POC
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
EIP-2026-103690 EXPLOITDB perl WORKING POC
UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service
EIP-2026-103599 EXPLOITDB perl WORKING POC
NTPD - MON_GETLIST Query Amplification Denial of Service
CVE-2012-1025 EXPLOITDB perl WORKING POC
Enigma2 Webinterface <1.7.0 - Path Traversal
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter.
EIP-2026-102906 EXPLOITDB c WORKING POC
Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak
CVE-2010-3856 EXPLOITDB ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
EIP-2026-102653 EXPLOITDB c WORKING POC
Linux Kernel 2.6.32-642/3.16.0-4 - 'inode' Integer Overflow
EIP-2026-102786 EXPLOITDB text WORKING POC
Awk to Perl 1.007-5 - Buffer Overflow (PoC)