header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Vulnerability Type
No results found
Hardcoded Credentials (9)
Hard-coded credentials (8)
Use of Hard-coded Credentials [CWE-798] (5)
OS Command Injection [CWE-78] (4)
Remote Code Execution (4)
Hardcoded Password (3)
Password Disclosure (3)
Admin Account Creation (2)
Arbitrary File Download (2)
Backdoor Account (2)
SQL Injection (2)
Use of Hard-coded Credentials (2)
Account Creation and Deletion (1)
Arbitrary Code Execution (1)
Arbitrary Volume Name (1)
Authentication Bypass (1)
Authentication Bypass Issues [CWE-592] (1)
Authentication issues (1)
Backdoor credentials (1)
Backdoor Password (1)
Backdoor user (1)
Buffer overflow [CWE-119] (1)
change admin (user (1)
Cleartext Sensitive Data Vulnerability (1)
Client-Side Password Hash Disclosure (1)
create admin user via mass assignment (1)
Credential Disclosure (1)
Credentials Disclosure (1)
Cross-Site Scripting (XSS) (1)
Default Account (1)
Default Hardcoded Credentials Remote Root (1)
Default SSH Admin Password (1)
Developer Backdoor Config Overwrite (1)
Hard coded accounts (1)
Hard coded backdoor (1)
Hard-coded Credentials SSH Access (1)
Hard-coded private key disclosure (1)
Hardcoded Credentials Remote SYSTEM Code Execution (1)
Hardcoded Database Credentials (1)
Hardcoded Default Root Password and Remote Enrollment (1)
Hardcoded Password for Root Account (1)
Hardware- Multiple Vulnerabilities (1)
Heap Buffer-Overflow (1)
Incorrect Default Permissions [CWE-276] (1)
Information leak through GET request (1)
Input validation error [CWE-20] (1)
Insecure Credentials (1)
Insecure Default Users & Passwords (1)
Insufficient Access Control and Hardcoded Technician Credentials (1)
Key Derivation Function Vulnerability (1)
798
No results found
89 (8351)
79 (5937)
119 (4722)
78 (2037)
22 (1944)
98 (1882)
N/A (1389)
200 (1304)
400 (1281)
264 (1205)
287 (1099)
352 (1097)
120 (1032)
94 (1031)
20 (1026)
Unknown (897)
434 (850)
269 (267)
416 (254)
284 (219)
121 (196)
134 (187)
190 (149)
399 (138)
611 (120)
426 (115)
476 (110)
Buffer Overflow (110)
120 (Buffer Copy without Checking Size of Input) (104)
362 (95)
125 (92)
601 (87)
428 (86)
843 (86)
502 (85)
787 (84)
798 (79)
122 (77)
427 (73)
Not mentioned (70)
522 (65)
Not provided (59)
80 (55)
259 (54)
918 (44)
113 (40)
285 (40)
613 (39)
614 (37)
None (35)
CPE
No results found
N/A (6)
a:crypto_currency_tracker:crypto_currency_tracker:9.5 (2)
a:r_radio_network:fm_transmitter:1.07 (2)
automatic-systems:soc_fl9600_fastline:v06 (2)
//a:sugarcrm:sugarcrm (1)
2.3:a:loadbalancer.org:enterprise_va:7.5.2 (1)
a:adtec_digital:multiple_products (1)
a:austin_huges_electronics_ltd:infrapower_pps-02-s (1)
a:beward_r&d:beward_intercom:2.3.1 (1)
a:bmc_software:track-it! (1)
a:bmc:remedy_knowledge_management:7.5.00 (1)
a:dormakaba:saflok:6000 (1)
a:ecoa_technologies_corp.:building_automation_system (1)
a:elber_s.r.l.:analog_digital_audio_stl:4.00 (1)
a:gsx:gsx_analyzer (1)
a:ibm:informix_dynamic_server (1)
a:infinity:infinity (1)
a:iwt_ltd:facesentry_access_control_system (1)
a:manageengine:opmanager (1)
a:ourenergy:collectric_cmu (1)
a:ricoh:myprint (1)
a:riorey:rios (1)
a:servisnet:tessa (1)
a:siklu:multihaultg_firmware:<2.0.0 (1)
a:tecnovision:dlxspot (1)
a:telecomunicazioni_elettro_milano:tem_opera_plus_fm_family_transmitter:35.45 (1)
a:telesquare:skt_lte_wifi_sdt-cw3b1 (1)
a:ulicms:ulicms:2023.1-sniffing-vicuna (1)
a:woocommerce:paypal_checkout_payment_gateway:1.6.8 (1)
a:wordpress:masterstudy_lms_learning_management_system (1)
a:zkteco:zkbiosafety:3.0.1.0_r_230 (1)
cpe:/h:cypress:ctm-one (1)
h:actiontec:c1000a (1)
h:airlink101:skyipcam1620w_wireless_n_mpeg4_3gpp_network_camera (1)
h:belkin:f7d1301_v1 (1)
h:commax:cvd-ah04_dvr:4.4.1 (1)
h:cypress:ctm-200 (1)
h:d-link:dns-320l_sharecenter (1)
h:flir:flir_thermal_camera_f/fc/pt/d (1)
h:franklin_fueling:ts-550_evo (1)
h:master_ip_cam:master_ip_cam_01 (1)
h:seagate:blackarmor_nas (1)
h:selea:targa_ip_ocr-anpr_camera (1)
h:tenvis:th692-_outdoor_p2p_hd_waterproof_ip_camera (1)
h:totolink:g150r-v1 (1)
h:tp-link:tl-sc_3130 (1)
h:tp-link:tl-sc3171 (1)
h:usr_iot:4g_lte_industrial_cellular_vpn_router (1)
h:zte:zxv10_w300 (1)
h:zyxel:pk5001z (1)
Vendor
No results found
Ltd. (4)
Inc (3)
Automatic Systems (2)
Crypto Currency Tracker (2)
ECOA Technologies Corp. (2)
FLIR Systems (2)
R Radio Network (2)
TP-Link (2)
3Com (1)
Accton (1)
Actiontec (1)
Adtec Digital (1)
AirLink101 (1)
Apple (1)
Austin Hughes Electronics Ltd. (1)
Avaya (1)
Belkin (1)
Beward R&D Co. (1)
BMC (1)
BMC Software (1)
Cisco (1)
Clever Dog (1)
COMMAX Co. (1)
Cypress Solutions Inc. (1)
D-Link (1)
D-Link Corporation (1)
Dell (1)
Dormakaba (1)
Elber S.r.l. (1)
FingerTec (1)
Foundry and EdgeCore (1)
Franklin Fueling Systems (1)
GSX (1)
Heatmiser (1)
Hikvision (1)
HPE Enterprise (1)
Huawei (1)
iBall (1)
IBM (1)
Infinity (1)
Integrated Control Technology Ltd. (1)
iWT Ltd. (1)
Jinan USR IOT Technology Limited (1)
KevinLAB Inc. (1)
Loadbalancer.org (1)
ManageEngine (1)
Master IP CAM (1)
mySCADA (1)
Netis Systems (1)
Nokia (1)
Product Name
No results found
Crypto Currency Tracker (2)
ECOA Building Automation System (2)
FM Transmitter (2)
IP Cameras (2)
SOC FL9600 FastLine (2)
Access Control Devices (1)
Accton-based Switches (1)
AdaptCMS Lite (1)
Adsl Modems (1)
ASIK (1)
BEMS (Building Energy Management System) (1)
BEWARD Intercom (1)
BlackArmor NAS (1)
C1000A Modem (1)
Collectric CMU (1)
CTM-200/CTM-ONE (1)
CVD-Axx DVR (1)
D-Link IP Cameras (1)
D3 Decimator (1)
DlxSpot (1)
DNS-320L ShareCenter (1)
Elber Wayber Analog/Digital Audio STL 4.00 (1)
Enterprise VA (1)
FaceSentry Access Control System (1)
Firepower Threat Management Console (1)
FLIR AX8 Thermal Camera (1)
FLIR Thermal Camera F/FC/PT/D (1)
G150R-V1 (1)
G300R-V1 (1)
GSX Analyzer (1)
iB-WRA150N (1)
Infinity (1)
Informix Dynamic Server (1)
InfraPower PPS-02-S (1)
IP Camera (1)
IP Office Phone Manager (1)
IZON (1)
Mac OS X (1)
Master IP CAM 01 (1)
MasterStudy LMS Learning Management System (1)
Mobile WiFi (1)
MultiHaul TG series (1)
Multiple Products (1)
myPrint (1)
myPRO (1)
N150 Wireless Router (1)
N150RH-V1 (1)
N301RT-V1 (1)
Netis E1+ (1)
NetMan 204 (1)
Version
From
No results found
Unknown (6)
N/A (5)
01.07 (2)
All known versions (2)
V06 (2)
< 1.06 (1)
1.0.0-B20150330 (1)
1.0.36 (1)
1.00.22 (1)
1.17.13 (1)
1.2.32533 (1)
1.2.6 build 110401 Rel.47776n (1)
1.3.3 GA and 1.3.2 (1)
1.3.4 GA (1)
1.4 (1)
1.5 (1)
1.6.2008 (1)
10.12 (1)
2.0.5 (1)
2.2.7.4 (1)
2.7.18.0503 (1)
2.7.6 (1)
2.9.2.4 (1)
2023.1-sniffing-vicuna (1)
3.0.1.0_R_230 (1)
3.0.12-1 (1)
3.1 (1)
3.3.4.2103 (1)
35.45 (1)
4ST L-BEMS 1.0.0 (1)
7.13.52 (1)
7.5.2 (1)
9.5 (1)
All BlackArmor NAS devices (1)
BLD201113005214 (1)
Cisco Fire Linux OS 6.0.1 (build 37/build 1213) (1)
CTM-ONE (1.1.9) (1)
CTM-ONE (1.3.1) (1)
CTM200 (2.0.5.3356-184) (1)
CVD-AH04 DVR 4.4.1 (1)
D-Series (1)
F-Series (1)
FC-Series ID (1)
FC-Series S (FC-334-NTSC) (1)
FC-Series-R (1)
Firmware 2.0.0.6833 (1)
Firmware 6.4.8 build 264 (Algorithm A16) (1)
Firmware CAC003-31.30L.86 (1)
Firmware v1.6.03 and below (1)
Firmware version: 8.0.0.64 (1)
To
No results found
Unknown (8)
N/A (6)
01.07 (2)
9.5 (2)
All known versions (2)
V06 (2)
< 1.06 (1)
1.0.0 (1)
1.00.22 (1)
1.17.13 (1)
1.2.2007 (1)
1.2.32533 (1)
1.2.6 build 110401 Rel.47776n (1)
1.5 (1)
1.6.2008 (1)
11 (1)
2.0.5 (1)
2.2.7 (1)
2.3.1.34471 (1)
2.7.18.0503 (1)
2.7.2005 (1)
2023.1-sniffing-vicuna (1)
3.0.1.0_R_230 (1)
3.1 (1)
3.3.4.2103 (1)
35.45 (1)
4ST L-BEMS 1.0.0 (1)
7.13.52 (1)
7.5.2 (1)
adManage Traffic & Media Management Application v2.5.4 (1)
All BlackArmor NAS devices (1)
BLD191021180140 (1)
but they were not checked. (1)
Cisco Fire Linux OS 6.0.1 (build 37/build 1213) (1)
CTM-ONE (1.3.6-latest) (1)
CTM200 (2.7.1.5659-latest) (1)
CVD-AH08 DVR 5.1.2 (1)
Firmware 5.7.0 build 539 (Algorithm A14) (1)
Firmware CAC003-31.30L.86 (1)
Firmware v1.6.03 and below (1)
Firmware: 1.32.16 (1)
FW_AIC1620W_1.1.0-12_20120709_r1192.pck (Aug. 2012) (1)
LM.1.6.18P12_sign5 (1)
Netmonitor v3.03 (1)
Not mentioned (1)
OS: neco_v1.8-0-g7ffe5b3 (1)
Other devices based on the same firmware [2] are probably affected too (1)
PK5001Z 2.6.20.19 (1)
Q216V3 (Firmware: IPD-02-FW-v03) (1)
RIOS 4.7.0 (1)
Severity Type
No results found
HIGH (56)
CRITICAL (14)
MEDIUM (7)
LOW (1)
N/A (1)
Severity Number
No results found
7.5 (17)
8 (15)
7 (12)
5 (10)
9 (9)
6.1 (8)
9.8 (8)
5.5 (5)
8.8 (4)
7.8 (2)
Exploit Author
No results found
Gjoko 'LiquidWorm' Krstic (9)
LiquidWorm (8)
Core Security - Corelabs Advisory (3)
0xBr (2)
Daniele Linguaglossa (2)
KoreLogic (2)
Marcin Kozlowski / Cqure (2)
Mike Jankowski-Lorek (2)
Neurogenesia (2)
Simon Brannstrom (2)
Unknown (2)
xistence (2)
a51199deefa2c2520cea24f746d899ce (1)
Alex Akinbi (1)
Ali7 (1)
Amirhossein Bahramizadeh (1)
Avinash Tangirala (1)
Besim ALTINOK (1)
Cesar Neira (1)
Core Security - Corelabs (1)
Daniel Lawson (1)
DLY (1)
Edwin Eefting (1)
Emre ÖVÜNÇ (1)
Erik Smit and Erwin Drent (1)
GulfTech Research and Development (1)
Hodorsec (1)
Independent security researcher (1)
Ismail Tasdelen (1)
ITSecTeam (1)
Janek Vind 'waraxe' (1)
Joseph McDonagh (1)
Kevin Finisterre (1)
Leandro Meiners (1)
LMH (1)
lqwrm (1)
Marek Kroemeke (1)
Mark Stanislav (1)
Matthew Sheimo (1)
maxki4x (1)
Mirabbas Agalarov (1)
Murat Sahin (1)
Nahuel Riva (1)
Nate Drier and Matt Jakubowski of Trustwave SpiderLabs (1)
ndevnull (1)
numan türle (1)
Özkan Mustafa AKKUŞ (1)
pagvac (Adrian Pastor) (1)
Pedro Ribeiro (1)
Pierre Kim (1)
Platforms Tested
No results found
Linux (11)
Windows (9)
None (8)
N/A (7)
CSBtechDevice (2)
Embedded Linux (2)
Adtec Embedded Linux 0.9 (fido) (1)
Android (1)
Apache (1)
Apache 2.4.6 (1)
Apache Tomcat/7.0.56 (1)
Apache-Coyote/1.1 (1)
Boa/0.94.14rc19 (1)
Camera Firmware (1)
Dormakaba Saflok cards (1)
embOS/IP (1)
GNU/Linux 2.6.14 (PowerPC) (1)
GNU/Linux 3.0.35-flir+gfd883a0 (armv7l) (1)
GNU/Linux 3.12.38 (PowerPC) (1)
GNU/Linux 4.1.8 (armv7l) (1)
iOS Mobile Application (1)
lighttpd-web (1)
lighttpd/1.4.28 (1)
lighttpd/1.4.30-devel-1321 (1)
lighttpd/1.4.33 (1)
Linux 2.6.10_mvl401-davinci_evm-PSP_01_30_00_082 (1)
Linux 2.6.18_pro500-davinci_evm-arm_v5t_le (1)
Linux 2.6.28 (armv5tel) (1)
Linux CentOS 7 (1)
Mac (1)
Mac & Linux (1)
MariaDB 5.5.68 (1)
Microsoft Windows 10 Home (1)
Microsoft Windows 7 Professional SP1 (EN) (1)
Microsoft Windows 7 SP1 (1)
Microsoft Windows 7 Ultimate SP1 (EN) (1)
Microsoft-WinCE/6.00 (1)
NBFM Controller (1)
Netis E1+ V1.2.32533 (1)
Nexus Server/2.5.13.0 (1)
Nexus Server/2.5.14.0 (1)
Nexus Server/2.5.29.0 (1)
Not mentioned (1)
Not Specified (1)
PHP/5.3.9 (1)
PHP/5.4.14 (1)
PHP/5.4.16 (1)
PHP/5.4.7 (1)
Python (1)
Python 2.7.5 (1)
Year
Year
No results found
2023 (11)
2018 (9)
2013 (8)
2020 (8)
2016 (7)
2017 (5)
2021 (5)
2015 (4)
2019 (4)
2022 (4)
2005 (3)
2009 (3)
2014 (3)
2006 (1)
2007 (1)
2010 (1)
2024 (1)
Unknown (1)

Explore all Exploits:

Show More

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.

6.1
CVSS
HIGH
Unauthenticated Device Configuration and Client-side Hidden Functionality Disclosure
798
CWE
Product Name
Elber Wayber Analog/Digital Audio STL 4.00
Platforms Tested
NBFM Controller, embOS/IP
Affected Version
From:
Version 1.0.0 Revision 1202
To:
Version 3.0.0 Revision 1553
2023
Show More

Siklu MultiHaul TG series – Unauthenticated Credential Disclosure

The Siklu MultiHaul TG series with a version less than 2.0.0 allows unauthenticated credential disclosure. By exploiting this vulnerability, an attacker can obtain random generated username and password, gaining unauthorized access to the device.

6.1
CVSS
HIGH
Credential Disclosure
798
CWE
Product Name
MultiHaul TG series
Platforms Tested
Affected Version
From:
Version < 2.0.0
To:
Version < 2.0.0
2024
Show More

Hardcoded Credentials in Automatic-Systems SOC FL9600 FastLine

Automatic Systems SOC FL9600 FastLine V06 device contains hardcoded login credentials for the super admin account, which cannot be changed. An attacker can exploit this vulnerability to gain sensitive information using the following credentials: Login: automaticsystems, Password: astech. This vulnerability is identified as CVE-2023-37608.

6.1
CVSS
HIGH
Hardcoded Credentials
798
CWE
Product Name
SOC FL9600 FastLine
Platforms Tested
Affected Version
From:
V06
To:
V06
2023
Show More

TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution

The TEM Opera Plus FM Family Transmitter 35.45 allows unauthorized access to a vulnerable endpoint, enabling an attacker to upload a binary image to the MPFS File System without any authentication. This vulnerability can be exploited to overwrite the flash program memory containing the web server's main interfaces, leading to the execution of arbitrary code.

6.1
CVSS
HIGH
Remote Code Execution
798
CWE
Product Name
TEM Opera Plus FM Family Transmitter
Platforms Tested
Webserver
Affected Version
From:
35.45
To:
35.45
2023
Show More

Automatic-Systems SOC FL9600 FastLine Hardcoded Super Admin Credentials

The Automatic Systems SOC FL9600 FastLine device with version V06 contains hardcoded login credentials for a super admin account. An attacker can exploit this vulnerability to access sensitive information using the admin login credentials.

6.1
CVSS
HIGH
Hardcoded Credentials
798
CWE
Product Name
SOC FL9600 FastLine
Platforms Tested
Affected Version
From:
V06
To:
V06
2023
Show More

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.

6.1
CVSS
HIGH
Password Disclosure
798
CWE
Product Name
FM Transmitter
Platforms Tested
CSBtechDevice
Affected Version
From:
01.07
To:
01.07
2023
Show More

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure

The R Radio FM Transmitter 1.07 system.cgi endpoint has an improper access control vulnerability that allows unauthenticated users to access and reveal the clear-text password of the admin user. This disclosure enables attackers to bypass authentication and gain unauthorized access to the FM station setup.

6.1
CVSS
HIGH
Password Disclosure
798
CWE
Product Name
FM Transmitter
Platforms Tested
CSBtechDevice
Affected Version
From:
01.07
To:
01.07
2023

Recent Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

author
Devrim Dıragumandan (d0ub1edd)
vendor
OS4Ed
severity
6.1
HIGH

dizqueTV 1.5.3 – Remote Code Execution (RCE)

author
Ahmed Said Saud Al-Busaidi
vendor
Vexorian
severity
8.1
CRITICAL

reNgine 2.2.0 – Command Injection (Authenticated)

author
Caner Tercan
vendor
reNgine
severity
7.1
HIGH

Stored Cross-Site Scripting (XSS) in NoteMark

author
Alessio Romano (sfoffo)
vendor
Enchanted Code
severity
6.1
HIGH

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

author
Photubias
vendor
Microsoft
severity
6.1
HIGH

Invesalius 3.1 – Remote Code Execution (RCE)

author
Alessio Romano (sfoffo), Riccardo Degli Esposti (partywave)
vendor
Invesalius
severity
6.1
HIGH

Stored XSS in Gitea

author
Catalin Iovita & Alexandru Postolache
vendor
Gitea
severity
6.1
HIGH

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

author
Gjoko 'LiquidWorm'
vendor
Elber S.r.l.
severity
6.1
HIGH

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
Elber S.r.l.
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR

cqrsecured