header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Cluster Manager Exploitation

The script aims to exploit a vulnerability in a cluster manager by searching for a specific 'Alias' parameter in the href attribute of HTML links. If the parameter is found, the script proceeds with the exploitation process. It utilizes BeautifulSoup for parsing HTML content and requests library for making HTTP requests. The vulnerability can potentially lead to information disclosure.

Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 – Information Disclosure

The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.

OpenClinic GA 5.247.01 – Information Disclosure

An Information Disclosure vulnerability in OpenClinic GA 5.247.01 allows an attacker to infer the existence of specific appointments by manipulating the input to the printAppointmentPdf.jsp component. By observing error messages, an unauthorized user can determine the presence of appointments without direct access to the data, potentially revealing sensitive information about appointments at private clinics, surgeries, and doctors' practices. This vulnerability is identified as CVE-2023-40278.

djangorestframework-simplejwt 5.3.1 – Information Disclosure

A vulnerability in djangorestframework-simplejwt version <= 5.3.1 allows for various security issues such as Business Object Level Authorization (BOLA), Business Function Level Authorization (BFLA), and Information Disclosure. This vulnerability permits users to access web application resources even after their account has been deactivated due to inadequate user validation checks.

Ricoh Printer Directory and File Exposure

The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and access sensitive directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log) to view files and information without authentication.

Nodez 4.6.1.1 Mercury (possibly prior versions) multiple vulnerabilities

The 'op', 'bop', 'ext', 'eop' arguments are not properly sanitized before including files from local resources, allowing for arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admin and users. This can be exploited by crafting a specific value for the 'upass' parameter.

Recent Exploits: