
Explore Vulnerabilities

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for the HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. It also relies on other vulnerabilities, such as improper use of httokens for authentication and a leak of the MD5 hash of the password.

WebMax Portal Password Reset Vulnerability

WebMax Portal is vulnerable to a password reset vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to reset the password of any user in the application.

LinkEx All Versions Password Reset Vulnerability

LinkEx is an open source web application for exchanging links, which most porn sites use. First, go to the website http://site.com/linkex/?page=admin and click on forgot password and enter the captcha. Then, go to site.com/linkex/data/config/config and note down the 'key' parameter. Finally, use the key at site.com/linkex/?page=resetpassword&key=[key] to reset the password.

AMS WebMail Password Reset Vulnerability

This vulnerability allows an attacker to reset the password of a user in AMS WebMail. The attacker can exploit this vulnerability by setting up a malicious web page with a JavaScript file that will send a request to the AMS WebMail server. The request will contain the user's email address and a reset password token. The attacker can then use the token to reset the user's password. The vulnerability is caused by the lack of proper input validation in the AMS WebMail server.

Emby MediaServer 3.2.5 Password Reset Vulnerability

The issue can be triggered by an unauthenticated actor within the home network (LAN) only. The attacker doesn't need to specify a valid username to reset the password. He or she can enter a random string, and using the file disclosure issue it's possible to read the PIN needed for resetting. This in turn will disclose all the valid usernames in the Emby server and reset the passwords of all users to a blank password. Attackers can exploit this to gain unauthenticated and unauthorized access to the Emby media server management interface.

Anuko Time Tracker 1.19.23.5311 – Password Reset Vulnerability leading to Account Takeover

In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link emailed to the user doesn't expire once used, so an attacker could use the same link to take over the victim's account. The attacker needs to have the link for successful exploitation. A malicious user could use the victim's password reset link multiple times to take over the account.

Password Reset Vulnerability in Ametys CMS version 4.0.2

User-controlled input is not sufficiently sanitized. An unauthenticated user can perform administrative operations without proper authorization. Ametys CMS only checks authorization if the web request includes /cms/. As a result, we can reset the password of any user, including administrator users.
