Explore Vulnerabilities

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for the HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. It also relies on other vulnerabilities, such as improper use of httokens for authentication and leakage of the MD5 hash of the password.

WebMax Portal Password Reset Vulnerability

WebMax Portal is vulnerable to a password reset vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to reset the password of any user in the application.

LinkEx All Versions Password Reset Vulnerability

LinkEx is an open source web application for exchanging links, used by most porn sites. First, go to the website http://site.com/linkex/?page=admin, click on forgot password, and enter the captcha. Then, go to site.com/linkex/data/config/config and note down the 'key' parameter. Finally, use the key at site.com/linkex/?page=resetpassword&key=[key] to reset the password.

AMS WebMail Password Reset Vulnerability

This vulnerability allows an attacker to reset the password of a user in AMS WebMail. The attacker can exploit this vulnerability by setting up a malicious web page with a JavaScript file that will send a request to the AMS WebMail server. The request will contain the user's email address and a reset password token. The attacker can then use the token to reset the user's password. The vulnerability is caused by the lack of proper input validation in the AMS WebMail server.

Emby MediaServer 3.2.5 Password Reset Vulnerability

The issue can be triggered by an unauthenticated actor within the home network (LAN) only. The attacker doesn't need to specify a valid username to reset the password. He or she can enter a random string, and using the file disclosure issue it's possible to read the PIN needed for resetting. This in turn will disclose all the valid usernames in the Emby server and reset the passwords of all users to a blank password. Attackers can exploit this to gain unauthenticated and unauthorized access to the Emby media server management interface.

Anuko Time Tracker 1.19.23.5311 – Password Reset Vulnerability leading to Account Takeover

In Anuko Time Tracker v1.19.23.5311 and prior, the password reset link emailed to the user doesn't expire once used, so an attacker could use the same link to take over the victim's account. The attacker needs to have the link for successful exploitation. A malicious user could use the victim's password reset link multiple times to take over the account.

Password Reset Vulnerability in Ametys CMS version 4.0.2

User-controlled input is not sufficiently sanitized. An unauthenticated user can perform administrative operations without proper authorization. Ametys CMS only checks authorization if the web request includes /cms/. As a result, the password of any user, including administrator users, can be reset.

Recent Exploits: