infodox

8 exploits Active since Dec 2011
CVE-2025-34037 METASPLOIT CRITICAL ruby WORKING POC
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm  in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
EIP-2026-110797 EXPLOITDB python WORKING POC
PHP-Charts 1.0 - 'index.php?type' Remote Code Execution
CVE-2011-4885 EXPLOITDB text WORKING POC
Php < 5.3.8 - Improper Input Validation
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
EIP-2026-103764 EXPLOITDB bash WORKING POC
ASAN/SUID - Local Privilege Escalation
EIP-2026-102969 EXPLOITDB python WORKING POC
Reaver Pro - Local Privilege Escalation
EIP-2026-102862 EXPLOITDB bash WORKING POC
GNU Screen 4.5.0 - Local Privilege Escalation
EIP-2026-102771 EXPLOITDB ruby WORKING POC
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
EIP-2026-102772 EXPLOITDB ruby WORKING POC
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)