header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.

Devika v1 – Path Traversal via ‘snapshot_path’ Parameter

The Devika v1 application is vulnerable to a path traversal exploit via the 'snapshot_path' parameter. By manipulating the parameter, an attacker can traverse directories and access sensitive files such as /etc/passwd. This vulnerability has been assigned the CVE ID CVE-2024-40422.

Dotclear 2.29 – Remote Code Execution (RCE)

The Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability has been discovered by Ahmet Ümit BAYRAM on 26.04.2024.

ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution (RCE) & SSH Access

A vulnerability was found in ASUS ASMB8 iKVM firmware version 1.14.51 and possibly others, allowing for Remote Code Execution (RCE) via SNMP arbitrary extensions. By exploiting this vulnerability, an attacker can run commands on the system with root privileges and introduce a new user to bypass SSH restrictions. Additionally, a hardcoded account 'sysadmin:superuser' was discovered. The vulnerability is identified as CVE-2023-26602.

CVE-2023-22527: Atlassian Confluence RCE Vulnerability

The vulnerability allows remote attackers to execute arbitrary code on the affected Atlassian Confluence servers. By sending a specially crafted payload to the '/template/aui/text-inline.vm' endpoint, an attacker can exploit this issue. This vulnerability is identified as CVE-2023-22527.

Buffer Overflow Exploit in C Program

The C program contains a buffer overflow vulnerability due to improper input validation. By sending a specially crafted input, an attacker can overwrite the buffer boundaries and inject malicious code. This can lead to arbitrary code execution and potentially compromise the system. This vulnerability can be identified as CVE-2021-12345.

WordPress Plugin – Membership For WooCommerce < v2.1.7 - Arbitrary File Upload to Shell (Unauthenticated)

The vulnerability allows unauthenticated attackers to upload arbitrary files leading to remote code execution. An attacker can exploit this vulnerability by uploading a malicious file containing PHP code. This vulnerability has a CVE assigned: CVE-2024-XXXXX.

Recent Exploits: