header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.

Cluster Manager Exploitation

The script aims to exploit a vulnerability in a cluster manager by searching for a specific 'Alias' parameter in the href attribute of HTML links. If the parameter is found, the script proceeds with the exploitation process. It utilizes BeautifulSoup for parsing HTML content and requests library for making HTTP requests. The vulnerability can potentially lead to information disclosure.

Elber Signum DVB-S/S2 IRD Unauthenticated Configuration Disclosure

Elber Signum DVB-S/S2 IRD devices with affected versions 1.999, 1.317, 1.220, 1.217, 1.214, 1.193, 1.175, and 1.166 are prone to unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configurations and reveal hidden functionalities without authentication.

Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 – Information Disclosure

The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.

Asterisk AMI – Partial File Content & Path Disclosure (Authenticated)

The exploit targets CVE-2023-49294 in Asterisk AMI, enabling authenticated users to enumerate filesystems, discover existing file paths, and disclose partial file contents. The disclosed files need to comply with the Asterisk configuration format, similar to INI configuration. The vulnerability can be utilized for unauthorized access to sensitive information.

OpenClinic GA 5.247.01 – Information Disclosure

An Information Disclosure vulnerability in OpenClinic GA 5.247.01 allows an attacker to infer the existence of specific appointments by manipulating the input to the printAppointmentPdf.jsp component. By observing error messages, an unauthorized user can determine the presence of appointments without direct access to the data, potentially revealing sensitive information about appointments at private clinics, surgeries, and doctors' practices. This vulnerability is identified as CVE-2023-40278.

djangorestframework-simplejwt 5.3.1 – Information Disclosure

A vulnerability in djangorestframework-simplejwt version <= 5.3.1 allows for various security issues such as Business Object Level Authorization (BOLA), Business Function Level Authorization (BFLA), and Information Disclosure. This vulnerability permits users to access web application resources even after their account has been deactivated due to inadequate user validation checks.

Ricoh Printer Directory and File Exposure

The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and access directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log). The attacker can list files and directories, read files, and potentially extract sensitive information.

Lot Reservation Management System Unauthenticated File Disclosure Vulnerability

The Lot Reservation Management System is a PHP/MySQLi project designed to assist in managing property reservations. The system allows clients to view property information and make reservations. However, it is vulnerable to an unauthenticated file disclosure issue.

Recent Exploits: