what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 25 of 35

Files from Kaustubh G. Padwad

Shenzhen Skyworth RN510 Information Disclosure

Posted May 4, 2021

Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from an unauthenticated sensitive information disclosure vulnerability.

tags | exploit, info disclosure

advisories | CVE-2021-25326

SHA-256 | 7f26e9706a9282668f82475d29e2552e812bbb3bd068893eb424f30e0d699c6d

Download | Favorite | View

Shenzhen Skyworth RN510 Cross Site Request Forgery / Cross Site Scripting

Posted May 4, 2021

Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

advisories | CVE-2021-25327

SHA-256 | 70d4b29f86b8a386559ce1885039111a11ce3147edcb6cc01fd5a7adda137f43

Download | Favorite | View

Shenzhen Skyworth RN510 Buffer Overflow

Posted May 4, 2021

Authored by Kaustubh G. Padwad

Shenzhen Skyworth RN510 suffers from a buffer overflow vulnerability that allows for remote code execution.

tags | exploit, remote, overflow, code execution

advisories | CVE-2021-25328

SHA-256 | 93aaa64937baf7f896bc583390423bd6be7254ef45979a7f1e67273873d3d9df

Download | Favorite | View

TP-Link Cross Site Scripting

Posted Mar 26, 2021

Authored by Kaustubh G. Padwad, Smriti Gaba

Multiple TP-Link devices suffer from an unauthenticated persistent cross site scripting vulnerability. Affected models include TD-W9977, TL-WA801ND, TL-WA801N, TL-WR802N, and Archer-C3150.

tags | exploit, xss

advisories | CVE-2021-3275

SHA-256 | e35e1937104dc66eacb185dee5eb8adeeab2b99d9f05fd8364987d6dd5a729bd

Download | Favorite | View

Unibox 2.4 CSRF / Remote Code Execution

Posted Feb 8, 2021

Authored by Kaustubh G. Padwad

Unibox version 2.4 suffers from remote code execution and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, code execution, csrf

SHA-256 | 8dd77b322f43636d3235c2c88700453adfa9865970ffd5dd3a39a083974ecbb8

Download | Favorite | View

Unibox Cross Site Request Forgery

Posted Feb 8, 2021

Authored by Kaustubh G. Padwad

Various Unibox products suffers from a cross site request forgery vulnerability.

tags | exploit, csrf

SHA-256 | b2ad463fe05cca881eb2aaa2883ee1d6b019cd543a3dfca94efb14e2e27c91e8

Download | Favorite | View

Nokia 8810 Denial Of Service

Posted Feb 13, 2019

Authored by Kaustubh G. Padwad

A denial of service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Successful exploitation could lead to the remote code execution on the device.

tags | exploit, remote, web, denial of service, code execution

advisories | CVE-2019-7386

SHA-256 | 41ed47df5f0cb6c76f6d18138f1661d9ed68c2bbe0c204c4e5369cd7ff9e62fd

Download | Favorite | View

Raisecom Technology GPON-ONU HT803G-07 Command Injection

Posted Feb 13, 2019

Authored by Kaustubh G. Padwad

Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the newpass and confpass parameters in /bin/WebMGR.

tags | exploit

advisories | CVE-2019-7385

SHA-256 | e7ecf5fa2c6f869e62d82c9df7399dbcbd72c48e427d4b22e50975a3e101f661

Download | Favorite | View

Raisecom Technology GPON-ONU HT803G-07 Command Injection

Posted Feb 13, 2019

Authored by Kaustubh G. Padwad

Raisecom Technology GPON-ONU HT803G-07 suffers from an authenticated command injection vulnerability in the fmgpon_loid parameter.

tags | exploit

advisories | CVE-2019-7384

SHA-256 | 20c807e8e9b1420883bb9554d5567b9aa797cbf1aa083b30b34637600361e93f

Download | Favorite | View

SYSTORME ISG Command Injection

Posted Feb 13, 2019

Authored by Kaustubh G. Padwad

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from an authenticated command injection vulnerability.

tags | exploit

advisories | CVE-2019-7383

SHA-256 | 74184a70ebca4b40a63ba803ab0d7c6c1d3778f3752608a8f155df9f97e121c8

Download | Favorite | View

SYSTORME ISG Cross Site Request Forgery

Posted Feb 13, 2019

Authored by Kaustubh G. Padwad

SYSTORME ISG products ISG-600C, ISG-600H, and ISG-800W suffer from a cross site request forgery vulnerability.

tags | exploit, csrf

advisories | CVE-2018-19525

SHA-256 | 3afd770ed7f96641d003de944e95ad53a06c7f7713c9c607fef61adfddd70330

Download | Favorite | View

Skyworth GPON HomeGateways / Optical Network Stack Overflow

Posted Feb 11, 2019

Authored by Kaustubh G. Padwad

A stack overflow vulnerability has been identified in multiple Skyworth GPON HomeGateways and Optical Network terminals. Affected products include 1.DT741 Converged Intelligent Terminal (G/EPON+IPTV), 2.DT741 Converged Intelligent Terminal (G/EPON+IPTV), 3.DT721-cb GPON uplink home gateway (GPON+2FE+1POTS), 4.DT721-cb GPON Uplink Home Gateway (GPON+2FE+1POTS), 5.DT741-cb GPON uplink home gateway (GPON+4FE+1POTS+WIFI+USB), 6.DT741-cb GPON Uplink Home Gateway (GPON+4FE+1POTS+WIFI+USB), and 7.DT741-cbGPON uplink home gateway DT741-cb.

tags | exploit, overflow

advisories | CVE-2018-19524

SHA-256 | 4f48da3e8a78a9cf4093887c381e510d71c9c97ebafd060e27501d9e12a2e61d

Download | Favorite | View

Manage Engine OPutils 8.0 Authorization Bypass

Posted Feb 16, 2016

Authored by Kaustubh G. Padwad

Manage Engine OPutils version 8.0 suffers from an authorization bypass vulnerability due to a missing function level access control.

tags | exploit, bypass

SHA-256 | b9e7e86ebc2d1e55dc5329a95efdaca283be5268b1a3a03b374a5d737c611082

Download | Favorite | View

Manage Engine OPutils 8.0 Privilege Escalation

Posted Feb 16, 2016

Authored by Kaustubh G. Padwad

Manage Engine OPutils version 8.0 suffers from a privilege escalation vulnerability.

tags | exploit

SHA-256 | b977e013fda04f44e8af632bcc03cc1219b52ae3d3bd69ffba3b620b6a52c170

Download | Favorite | View

Manage Engine OPutils 8.0 Cross Site Request Forgery / Cross Site Scripting

Posted Feb 16, 2016

Authored by Kaustubh G. Padwad

Manage Engine OPutils version 8.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 733c28616c1891158bef1795b1d8b042f1e58ddc0cd0991868a9f08d50bd3559

Download | Favorite | View

ManageEngine Network Configuration Management Build 11000 Privilege Escalation

Posted Feb 10, 2016

Authored by Kaustubh G. Padwad

ManageEngine Network Configuration Management build version 11000 suffers from a privilege escalation vulnerability.

tags | exploit

SHA-256 | b1e8ea1844311d691d035609460b77754f923da68c3f14f66c5c9e53051686e2

Download | Favorite | View

ManageEngine Network Configuration Management Build 11000 CSRF

Posted Jan 29, 2016

Authored by Kaustubh G. Padwad

ManageEngine Network Configuration Management build 11000 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf

SHA-256 | b4748784f8dee5785fb74729ebcd54c6263a9b3b6fefef6c72fb3f86e7114d00

Download | Favorite | View

WordPress Ad Buttons 2.3.1 CSRF / Cross Site Scripting

Posted May 7, 2015

Authored by Kaustubh G. Padwad

WordPress Ad Buttons plugin version 2.3.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 38b043d0ddd6274052aa3b2235c087b0a5f86ffbd8a74ae736c9855251b13cd0

Download | Favorite | View

WordPress Ultimate Profile Builder 2.3.3 CSRF / Cross Site Scripting

Posted May 7, 2015

Authored by Kaustubh G. Padwad

WordPress Ultimate Profile Builder plugin version 2.3.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | e306dde4e30a050baaee377e244ad54d920791bdf5e7dd8e595b3a7eaca44b37

Download | Favorite | View

WordPress ClickBank Ads 1.7 CSRF / Cross Site Scripting

Posted May 7, 2015

Authored by Kaustubh G. Padwad

WordPress ClickBank Ads plugin version 1.7 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 47910384921948b511a328ff8006171ac9d2ec58cab3173c9f2b6b746ca631eb

Download | Favorite | View

Manage Engine Asset Explorer 6.1.0 Build 6110 CSRF / XSS

Posted May 7, 2015

Authored by Kaustubh G. Padwad

Manage Engine Asset Explorer version 6.10 build 6110 suffers from cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | 195e2f680ce1f1256efa4ca7d96a6455fb8bb335560c4ad2d9e348c0cd79ddb7

Download | Favorite | View

WordPress Ad Inserter 1.5.2 CSRF / XSS

Posted May 7, 2015

Authored by Kaustubh G. Padwad

WordPress Ad Inserter plugin version 1.5.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | fc4d07d0daf390ca0c72e3db173c0a59ad0af1b9efa29d6fd45e91a1f202d286

Download | Favorite | View

WordPress Embed-Articles 7.0.3 CSRF / XSS

Posted May 7, 2015

Authored by Kaustubh G. Padwad

WordPress Embed-Articles plugin version 7.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

SHA-256 | a8cef952b6cc90193465ca3ccb8b29e293b5fed101d0cdff61fab9964921ee33

Download | Favorite | View

WordPress WP Statistics 9.1.2 Cross Site Scripting

Posted Apr 16, 2015

Authored by Kaustubh G. Padwad

WordPress WP Statistics plugin version 9.1.2 suffers from stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 7417199952c4f4c2dfe0f63ea7723e48742cb4ca58d9e91e2dd4096de4abde78

Download | Favorite | View

WordPress Google Map Travel 3.4 XSS / CSRF

Posted Mar 28, 2015

Authored by Kaustubh G. Padwad

WordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf

advisories | CVE-2015-2755

SHA-256 | dbd0939d53280d5f0c1443437fc3c64a3c5ad487379041dd2756ab5536b86ce4

Download | Favorite | View