t4rkd3vilz

16 exploits, active since Apr 2013
CVE-2018-25333 EXPLOITDB HIGH text WORKING POC
Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms.
CVSS 8.2
CVE-2018-10594 METASPLOIT CRITICAL ruby WORKING POC
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
CVSS 9.8
CVE-2013-0663 EXPLOITDB text WORKING POC
Schneider Electric Modicon Quantum, M340, and Premium PLC - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands, as demonstrated by modifying HTTP credentials.
CVE-2016-2279 EXPLOITDB MEDIUM text WORKING POC
Rockwell Automation CompactLogix 1769-L* < 28.011 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 6.1
CVE-2018-10594 EXPLOITDB CRITICAL ruby WORKING POC
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
CVSS 9.8
CVE-2016-5809 EXPLOITDB HIGH text WORKING POC
Schneider Electric IONXXXX Series - Cross-Site Request Forgery
An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved.
CVSS 8.8
EIP-2026-103280 EXPLOITDB text WORKING POC
Honeywell Scada System - Information Disclosure
CVE-2014-3110 EXPLOITDB text WORKING POC
Honeywell FALCON XLWeb Linux Controller < 2.04.01 and XLWebExe < 2.02.11 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
CVE-2015-5698 EXPLOITDB text WORKING POC
Siemens SIMATIC S7-1200 <4.1.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2014-2908 EXPLOITDB text WORKING POC
SIMATIC S7-1200 CPU 2.x-3.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0491 EXPLOITDB HIGH html WORKING POC
Tor 0.3.2.0-0.3.2.9 - Use-After-Free in KIST Pending List
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
CVSS 7.5
CVE-2015-2177 EXPLOITDB HIGH python WORKING POC
SIMATIC S7-300 CPU Firmware - Denial of Service via Crafted Packets on TCP Port 102 or Profibus
Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus.
CVSS 7.5
CVE-2014-5074 EXPLOITDB python WORKING POC
Siemens SIMATIC S7-1500 CPU Firmware < 1.6 - Denial of Service via Crafted TCP Packets
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
CVE-2016-3963 EXPLOITDB MEDIUM python WORKING POC
Siemens SCALANCE S613 - Denial of Service via TCP Port 443 Traffic
Siemens SCALANCE S613 allows remote attackers to cause a denial of service (web-server outage) via traffic to TCP port 443.
CVSS 5.3
CVE-2018-13989 EXPLOITDB HIGH text WRITEUP
Grundig Smart Inter@ctive TV 3.0 - Cross-Site Request Forgery via TCP Port 8085
Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 request to shut off the device.
CVSS 8.8
CVE-2018-10594 EXPLOITDB CRITICAL python WORKING POC
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
CVSS 9.8