
Explore Vulnerabilities

Explore all Exploits:

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Configuration Vulnerability

The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices suffer from unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configuration settings and reveal hidden functionalities without authentication.

Elber Wayber Analog/Digital Audio STL 4.00 Device Configuration Vulnerability

Elber Wayber Analog/Digital Audio STL 4.00 devices are vulnerable to unauthenticated device configuration and disclosure of hidden functionalities on the client-side. An attacker can exploit this issue to modify device configurations without authentication and reveal hidden functionalities that are not intended for regular users.

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

ASUS ASMB8 iKVM 1.14.51 – Remote Code Execution (RCE) & SSH Access

A vulnerability was found in ASUS ASMB8 iKVM firmware version 1.14.51 and possibly others, allowing for Remote Code Execution (RCE) via SNMP arbitrary extensions. By exploiting this vulnerability, an attacker can run commands on the system with root privileges and introduce a new user to bypass SSH restrictions. Additionally, a hardcoded account 'sysadmin:superuser' was discovered. The vulnerability is identified as CVE-2023-26602.

PyroCMS v3.0.1 Stored Cross-Site Scripting

An attacker can exploit the vulnerability in PyroCMS v3.0.1 by injecting a malicious payload into the 'Redirect From' field, triggering a stored cross-site scripting (XSS) attack. This could lead to unauthorized access, data theft, and other malicious activities. No CVE has been assigned yet.

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Configuration Vulnerability

The Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device allows an attacker to configure the device without authentication and reveals hidden functionality on the client-side. By exploiting this vulnerability, an unauthorized user can manipulate device settings and access undisclosed features.

Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Device Configuration Vulnerability

The Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 device is prone to an unauthenticated device configuration vulnerability and client-side hidden functionality disclosure. An attacker can exploit this issue by sending unauthorized commands to the affected device, leading to unauthorized access and potential disclosure of hidden functionalities.

Elber Signum DVB-S/S2 IRD Unauthenticated Configuration Disclosure

Elber Signum DVB-S/S2 IRD devices with affected versions 1.999, 1.317, 1.220, 1.217, 1.214, 1.193, 1.175, and 1.166 are prone to unauthenticated device configuration and client-side hidden functionality disclosure. An attacker can exploit this vulnerability to manipulate device configurations and reveal hidden functionalities without authentication.

Hitachi NAS (HNAS) System Management Unit (SMU) 14.8.7825 – Information Disclosure

The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.

Recent Exploits: