Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Exploits - exploit.company
header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

openSIS 9.1 – SQL Injection (Authenticated)

A SQL injection vulnerability was discovered in OS4Ed Open Source Information System Community version 9.1. By manipulating the 'X-Forwarded-For' header parameters in a POST request to /Ajax.php, an attacker can execute malicious SQL queries.

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

reNgine 2.2.0 – Command Injection (Authenticated)

The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

Stored Cross-Site Scripting (XSS) in NoteMark

The vulnerability exists in NoteMark version 0.13.0 and below. By injecting a malicious payload into a note and rendering it using the 'Rendered' tab, an attacker can execute arbitrary JavaScript code in the context of the user's session.

Windows IPv6 CVE-2024-38063 Denial-Of-Service Vulnerability

The exploit targets Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189, allowing an attacker to cause denial-of-service. By corrupting the tcpip.sys memory per batch, the attacker can disrupt the normal functioning of the system. This vulnerability is identified as CVE-2024-38063.

Invesalius 3.1 – Remote Code Execution (RCE)

A Remote Code Execution (RCE) vulnerability was found in the DICOM file import process of Invesalius 3. This vulnerability affects versions 3.1.99991 to 3.1.99998. By utilizing a specially crafted DICOM file, an attacker can execute arbitrary code on the victim's system.

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configuration settings and reveal hidden functionalities without authentication.

Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass

The Elber Wayber Analog/Digital Audio STL version 3.0.0 and below, including Firmware versions 4.00 Rev. 1501, 4.00 Rev. 1516, and 3.00 Rev. 1350, are vulnerable to an authentication bypass. By exploiting this vulnerability, an attacker can gain unauthorized access to the password management functionality, allowing them to change passwords for any user in the system. This unauthorized access compromises the security of the device.

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.

Recent Exploits: