wp-pagenavi
domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init
action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114The Elber Wayber Analog/Digital Audio STL version 3.0.0 and below, including Firmware versions 4.00 Rev. 1501, 4.00 Rev. 1516, and 3.00 Rev. 1350, are vulnerable to an authentication bypass. By exploiting this vulnerability, an attacker can gain unauthorized access to the password management functionality, allowing them to change passwords for any user in the system. This unauthorized access compromises the security of the device.
The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.
The Ivanti vADC version 9.9 is susceptible to an authentication bypass vulnerability. By sending a crafted request to the wizard.fcgi endpoint with specific parameters, an attacker can create a new admin user without proper authentication, leading to unauthorized access to the system.
The Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized administrative access by manipulating the set_pwd endpoint to overwrite user passwords within the system. This exploit compromises the security of the device's system.
The Elber Reble610 device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized and administrative access to protected areas of the application. This vulnerability occurs due to a flaw in the password management functionality, specifically in the set_pwd endpoint, which can be manipulated by attackers to overwrite the password of any user within the system.
The Elber Signum DVB-S/S2 IRD device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized access by manipulating the set_pwd endpoint to overwrite user passwords and access protected areas of the application.
Flowise version 1.6.5 and below is susceptible to an authentication bypass vulnerability. By modifying the endpoint paths to uppercase, such as /API/V1 instead of /api/v1, an attacker can bypass the authentication process. This issue is due to the lack of case sensitivity in the code snippet responsible for authentication middleware.
Windows Defender fails to detect and prevent execution of TrojanWin32Powessere.G when leveraging rundll32.exe, leading to an 'Access is denied' error. The bypass was first disclosed in 2022 by passing an extra path traversal with mshtml, which was later mitigated. Subsequently, on Feb 7, 2024, using multiple commas as part of the path allowed bypassing the mitigation until it was fixed. Another trivial bypass was discovered soon after.
The Positron Broadcast Digital Signal Processor TRA7005 is vulnerable to an authentication bypass that allows attackers to gain unauthorized access to protected areas of the application by manipulating the password management functionality. By exploiting this vulnerability, attackers can bypass Digest authentication, set a user's password to any value, or even remove it completely.
An attacker can bypass authentication on Electrolink FM/DAB/TV Transmitter devices due to a lack of proper authentication mechanisms. This vulnerability affects various models and versions of Electrolink transmitters, allowing unauthorized access to the devices.