header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass

The Elber Reble610 device is vulnerable to an authentication bypass issue that allows attackers to gain unauthorized and administrative access to protected areas of the application. This vulnerability occurs due to a flaw in the password management functionality, specifically in the set_pwd endpoint, which can be manipulated by attackers to overwrite the password of any user within the system.

Honeywell PM43 Command Injection Remote Code Execution (RCE)

The exploit allows an attacker to remotely execute arbitrary code on Honeywell PM43 printers with firmware versions prior to P10.19.050004. By sending a crafted payload to the 'loadfile.lp?pageid=Configure' endpoint, an attacker can inject malicious commands. This vulnerability is identified as CVE-2023-3710.

Credential Leakage Through Unprotected System Logs and Weak Password Encryption

The vulnerability allows an attacker to access sensitive credentials due to unprotected system logs and weak password encryption. By decrypting the passwords stored in the system logs, an attacker can obtain user credentials. This vulnerability has been assigned the CVE identifier CVE-2023-43261.

Microsoft Windows PowerShell Single Quote Code Execution and Event Log Bypass Vulnerability

The vulnerability in Microsoft Windows PowerShell allows for code execution by bypassing single quote restrictions. By using a combination of semicolon and ampersand characters, a specially crafted filename can trigger arbitrary code execution and evade PS event logging. This can lead to unauthorized file execution and potential security breaches.

Maxima Max Pro Power BLE Traffic Replay Vulnerability

An attacker can send crafted HEX values to a specific GATT Charactristic handle on the Maxima Max Pro Power smartwatch to perform unauthorized actions like changing Time display format, updating Time, and notifications. Due to lack of integrity checks, an attacker can sniff values on one smartwatch and replay them on another, leading to unauthorized actions.

Electrolink FM/DAB/TV Transmitter Credentials Disclosure

Electrolink FM/DAB/TV Transmitter devices are prone to a credentials disclosure vulnerability. Attackers can exploit this issue to gain unauthorized access to sensitive information such as login credentials. This vulnerability affects various versions of Electrolink transmitters including Compact DAB Transmitter, Medium DAB Transmitter, High Power DAB Transmitter, Compact FM Transmitter, Modular FM Transmitter, Digital FM Transmitter, VHF TV Transmitter, and UHF TV Transmitter.

Windows Defender Trojan.Win32Powessere.G Mitigation Bypass

Windows Defender usually prevents the execution of TrojanWin32Powessere.G by leveraging rundll32.exe. However, by using multiple commas in the execution command, the mitigation can be bypassed, allowing successful execution of the trojan.

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

The vulnerability in TitanNit Web Control 2.01 / Atemio 7600 allows an unauthorized attacker to execute system commands with elevated privileges by utilizing the 'getcommand' query in the application, resulting in root access.

Microsoft Windows PowerShell Single Quote Code Execution and Event Log Bypass

The vulnerability in Microsoft Windows PowerShell allows for code execution bypassing single quotes using the semicolon ';' and ampersand '&' characters in filenames. By exploiting this flaw, arbitrary code execution can be triggered, and the PowerShell event log can be truncated.

Recent Exploits: