
Explore Vulnerabilities


Explore all Exploits:

ManageEngine ADManager Plus Build < 7210 Elevation of Privilege Vulnerability

The vulnerability exists in ManageEngine ADManager Plus Build < 7210. A user with the 'Modify Computers' privilege in ADManager can alter attributes of computer objects in Active Directory, allowing them to set Constrained Kerberos Delegation and access services like CIFS, LDAP, and HOST services. This manipulation grants the user privileges they are not supposed to have, bypassing the normal restrictions.

Unzip-Stream 0.3.1 Arbitrary File Write

unzip-stream version 0.3.1 allows an attacker to write arbitrary files by manipulating the 'arcname' parameter, circumventing the restrictions in Python's 'zipfile' module. By crafting a malicious ZIP file, an attacker can overwrite files on the target system. This vulnerability has been assigned CVE-2024-42471.

Jasmin Ransomware SQL Injection Login Bypass

The Jasmin Ransomware application is vulnerable to SQL Injection which allows an attacker to bypass authentication on the login page by inserting a specially crafted payload into the email and code fields. By entering the payload '=' 'or' in both the email and code fields, an attacker can bypass the authentication and gain unauthorized access to the admin panel.

ZTE ZXV10 H201L – Remote Code Execution via Authentication Bypass

The ZTE ZXV10 H201L router is vulnerable to remote code execution due to an authentication bypass. This allows an attacker to execute arbitrary code on the device without proper authentication. This vulnerability has the potential to be exploited remotely.

ollama 0.6.4 – Server-Side Request Forgery (SSRF)

The ollama 0.6.4 application is vulnerable to a Server-Side Request Forgery (SSRF) attack. An attacker can manipulate the 'from' parameter in the payload to make the server send requests to arbitrary hosts, potentially leading to unauthorized access to internal systems.

GestioIP 3.5.7 – Reflected Cross-Site Scripting (Reflected XSS)

The ip_import_acl_csv request in GestioIP 3.5.7 allows Reflected Cross-Site Scripting (XSS): uploaded file content is reflected in the HTML response without proper sanitization. If the uploaded file has an incorrect format that causes an error during processing, parts of the file's content may be displayed in the browser. If this content contains HTML or scripts and is not escaped correctly, browsers may interpret it, potentially causing a security issue such as data exfiltration and enabling Cross-Site Request Forgery (CSRF) attacks. Proper input validation and output encoding are crucial to mitigate this vulnerability.

OpenPanel 0.3.4 – OS Command Injection

OpenPanel version 0.3.4 is vulnerable to OS command injection. An attacker can exploit this vulnerability by injecting a malicious command through the 'timezone' parameter in an HTTP POST request. This can lead to arbitrary command execution on the server.
