infodox

8 exploits Active since Dec 2011
CVE-2025-34037 METASPLOIT CRITICAL ruby WORKING POC
Linksys E-Series - Command Injection
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm  in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
EIP-2026-110797 EXPLOITDB python WORKING POC
PHP-Charts 1.0 - 'index.php?type' Remote Code Execution
CVE-2011-4885 EXPLOITDB text WORKING POC
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
EIP-2026-103764 EXPLOITDB bash WORKING POC
ASAN/SUID - Local Privilege Escalation
EIP-2026-102969 EXPLOITDB python WORKING POC
Reaver Pro - Local Privilege Escalation
EIP-2026-102862 EXPLOITDB bash WORKING POC
GNU Screen 4.5.0 - Local Privilege Escalation
EIP-2026-102771 EXPLOITDB ruby WORKING POC
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)
EIP-2026-102772 EXPLOITDB ruby WORKING POC
AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)