Usman Saeed - Security Researcher - Exploit Intelligence Platform

CVE-2018-25269 EXPLOITDB MEDIUM text WORKING POC

ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection

ICEWARP 10.3.4 and 11.0.0.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML elements into emails by embedding base64-encoded payloads in object and embed tags. Attackers can craft emails containing data URIs with embedded scripts that execute in the client when the email is viewed, compromising user sessions and stealing sensitive information.

CVSS 6.1

View Code

CVE-2018-7357 EXPLOITDB MEDIUM text WORKING POC

ZTE ZXHN H168N Firmware <= V2.2.0_PK1.2T5 - Unauthenticated Critical Function Access

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.

CVSS 6.5

View Code

CVE-2009-0392 EXPLOITDB text WORKING POC

Motorola Wimax modem CPEi300 - Path Traversal

Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.

View Code

EIP-2026-118714 EXPLOITDB text WORKING POC

kolibri+ Web Server 2 - Directory Traversal

View Code

EIP-2026-118332 EXPLOITDB text WORKING POC

BRS Webweaver 1.33 - '/Scripts' Access Restriction Bypass

View Code

EIP-2026-116598 EXPLOITDB perl WORKING POC

Xitami 5.0 - '/AUX' Request Remote Denial of Service

View Code

EIP-2026-115526 EXPLOITDB text WORKING POC

Kolibri+ Web Server 2 - GET Denial of Service

View Code

CVE-2009-4587 EXPLOITDB text WORKING POC

Cherokee Web Server 0.5.4 - DoS

Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of service (daemon crash) via an MS-DOS reserved word in a URI, as demonstrated by the AUX reserved word.

View Code

EIP-2026-104517 EXPLOITDB text WORKING POC

ZYXEL P-660R-T1 V2 - 'HomeCurrent_Date' Cross-Site Scripting

View Code

CVE-2011-3596 EXPLOITDB HIGH perl WORKING POC

Polipo < 1.0.4.1 - Denial of Service via HTTP POST/PUT Request

Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

CVSS 7.5

View Code

CVE-2009-1287 EXPLOITDB text WORKING POC

Cisco Subscriber Edge Services Manager - Cross-Site Scripting via URI

Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.

View Code

CVE-2018-7358 EXPLOITDB MEDIUM text WORKING POC

ZTE ZXHN H168N Firmware V2.2.0_PK1.2T5 V2.2.0_PK1.2T2 V2.2.0_PK11T7 V2.2.0_PK11T - Improper Authentication

ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.

CVSS 6.5

View Code

CVE-2018-7921 EXPLOITDB MEDIUM text WORKING POC

Huawei B315s-22 <21.318.01.00.26 - Info Disclosure

Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.

CVSS 6.5

View Code

CVE-2018-13134 EXPLOITDB MEDIUM text WORKING POC

TP-Link Archer C1200 Firmware 1.13 Build 20299 - Stored Cross-Site Scripting via PATH_INFO to /webpages/data URI

TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.

CVSS 6.1

View Code

EIP-2026-101802 EXPLOITDB text WORKING POC

iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting

View Code

CVE-2009-0393 EXPLOITDB text WORKING POC

Motorola CPEi300 - Authenticated Cross-Site Scripting via sysconf.cgi Page Parameter

Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.

View Code

EIP-2026-100663 EXPLOITDB text WORKING POC

Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure

View Code