Todor Donev

85 exploits Active since Jan 2011
CVE-2018-25318 EXPLOITDB CRITICAL text WORKING POC
Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change
Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites.
CVSS 9.8
CVE-2018-25317 EXPLOITDB CRITICAL text WORKING POC
Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers.
CVSS 9.8
CVE-2018-25316 EXPLOITDB CRITICAL text WORKING POC
Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change
Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites.
CVSS 9.8
CVE-2010-3847 METASPLOIT ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2019-25472 EXPLOITDB HIGH perl WORKING POC
IntelBras TIP200/TIP200 LITE - Info Disclosure
IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.
CVSS 7.5
CVE-2019-25465 EXPLOITDB HIGH perl WORKING POC
Hisilicon HiIpcam V100R003 - Path Traversal
Hisilicon HiIpcam V100R003 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by exploiting directory listing in the cgi-bin directory. Attackers can request the getadslattr.cgi endpoint to retrieve ADSL credentials and network configuration parameters including usernames, passwords, and DNS settings.
CVSS 7.5
CVE-2013-0229 EXPLOITDB perl WORKING POC
Miniupnpd < 1.3 - Denial of Service
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
CVE-2025-34048 EXPLOITDB HIGH bash WORKING POC
D-Link DSL-2730U/2750U/2750E - Path Traversal
A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-04 UTC.
CVE-2020-37157 EXPLOITDB HIGH perl WORKING POC
DBPower C300 HD Camera - Info Disclosure
DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extract hardcoded username and password by accessing the /tmpfs/config_backup.bin resource.
CVSS 7.5
CVE-2020-37146 EXPLOITDB HIGH perl WORKING POC
ACE Security WiP-90113 HD Camera - Info Disclosure
ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /config_backup.bin endpoint, exposing credentials and system settings.
CVSS 7.5
CVE-2020-36871 EXPLOITDB HIGH perl WORKING POC
ESCAM QD-900 WIFI HD - Info Disclosure
ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include administrative credentials and other sensitive device settings, enabling an unauthenticated remote attacker to obtain information that may facilitate further compromise of the camera or connected network.
CVE-2018-10080 EXPLOITDB HIGH bash WORKING POC
Secutech RiS-11, RiS-22, RiS-33 <5.07.52_es_FRI01 - CSRF
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie.
CVSS 8.6
CVE-2012-1024 EXPLOITDB perl WORKING POC
Enigma2 Webinterface <1.5 - Path Traversal
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2010-3847 EXPLOITDB ruby WORKING POC
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
CVE-2010-3856 METASPLOIT ruby WORKING POC
GNU Glibc < 2.11.2 - Access Control
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
EIP-2026-117584 EXPLOITDB WORKING POC
Microsoft Windows XP - 'tskill' Local Privilege Escalation
EIP-2026-115817 EXPLOITDB perl WORKING POC
Microsoft Windows Server 2008/2012 - LDAP RootDSE Netlogon Denial of Service
EIP-2026-115103 EXPLOITDB perl WORKING POC
Counter-Strike 1.6 - 'GameInfo' Query Reflection Denial of Service (PoC)
EIP-2026-114567 EXPLOITDB perl WORKING POC
Zabbix 4.4 - Authentication Bypass
EIP-2026-114757 EXPLOITDB c WORKING POC
SunOS 5.11 ICMP - Denial of Service
EIP-2026-113996 EXPLOITDB text WRITEUP
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113505 EXPLOITDB perl WORKING POC
WordPress Core 5.2.3 - Cross-Site Host Modification
EIP-2026-104639 EXPLOITDB bash WORKING POC
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
EIP-2026-104640 EXPLOITDB perl WORKING POC
Opencart < 3.0.2.0 - Denial of Service
EIP-2026-103690 EXPLOITDB perl WORKING POC
UPNPD M-SEARCH - ssdp:discover Reflection Denial of Service