header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

HughesNet HT2000W Satellite Modem Password Reset

The exploit allows an attacker to reset the administrator password for HughesNet HT2000W Satellite Modem by taking advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon. The exploit also exploits other vulnerabilities like improper use of httokens for authentication and leaking the MD5 hash of the password.

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass

The Elber ESE DVB-S/S2 Satellite Receiver 1.5.x devices are prone to an authentication bypass vulnerability due to unauthorized access to the password management function. By manipulating the set_pwd endpoint, attackers can change the password of any user, granting them unauthorized administrative access to critical parts of the application and compromising system security.

Stored XSS Vulnerability via File Name

The vulnerability allows attackers to execute malicious scripts by embedding them in the filename of an image file uploaded as part of creating a new ticket in the HelpDeskZ software version 2.0.2. Successful exploitation can lead to compromise of the administration panel and execution of unauthorized scripts in the administrator's environment.

Stored XSS in Calibre-web

Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This allows an attacker to insert malicious scripts stored on the server and run in the context of another user's session. By exploiting this vulnerability, an attacker can execute arbitrary scripts in the victim's browser.

Genexus Protection Server 9.7.2.10 – Unquoted Service Path Vulnerability

The Genexus Protection Server 9.7.2.10 is vulnerable to an unquoted service path issue, which could allow an attacker to escalate privileges on the system by placing a malicious executable in the path without quotes. This could lead to arbitrary code execution with elevated privileges.

Oracle Database 12c Release 1 – Unquoted Service Path

The Oracle Database 12c Release 1 service 'OracleDBConsoleorcl' on Windows 10 Pro x64 has an unquoted service path, which can potentially allow an attacker to escalate privileges by placing a malicious executable in the unquoted path that is executed with elevated privileges. This vulnerability has been assigned CVE-ID: TBD.

SolarWinds Kiwi Syslog Server 9.6.7.1 – Unquoted Service Path

SolarWinds Kiwi Syslog Server 9.6.7.1 has an unquoted service path vulnerability, which could allow an attacker to escalate privileges by placing a malicious executable in the system path. This vulnerability has been assigned CVE-ID CVE-2024-XXXXX.

Devika v1 – Path Traversal via ‘snapshot_path’ Parameter

The Devika v1 application is vulnerable to a path traversal exploit via the 'snapshot_path' parameter. By manipulating the parameter, an attacker can traverse directories and access sensitive files such as /etc/passwd. This vulnerability has been assigned the CVE ID CVE-2024-40422.

Recent Exploits: