Explore Vulnerabilities

Explore all Exploits:

Zyxel Firmware Multiple Input Validation Vulnerability

The exploit targets Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, and several other firmware versions. An authenticated attacker could exploit the improper input validation flaws in some CLI commands to cause a buffer overflow or system crash with a crafted payload.

TEM Opera Plus FM Family Transmitter 35.45 XSRF

The TEM Opera Plus FM Family Transmitter 35.45 devices are vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by tricking a logged-in user into visiting a malicious website, leading to unauthorized actions being performed with administrative privileges.

Ricoh Printer Directory and File Exposure

The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and access sensitive directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log) to view files and information without authentication.

Credential Leakage Through Unprotected System Logs and Weak Password Encryption

The vulnerability allows an attacker to access sensitive credentials due to unprotected system logs and weak password encryption implemented in Milesight IoT industrial routers. By exploiting this flaw, an adversary could decrypt and extract passwords leading to unauthorized access. This vulnerability has been assigned CVE-2023-43261.

Directory Traversal in Automatic-Systems SOC FL9600 FastLine

The Automatic-Systems SOC FL9600 FastLine V06 allows an attacker to traverse directories by manipulating the 'dir' parameter in the 'csvServer.php' script, leading to unauthorized access to sensitive files such as '/etc/passwd'. This vulnerability has been assigned CVE-2023-37607.

MISP 2.4.171 Stored XSS Vulnerability

An authenticated user can inject malicious code into the 'Name' parameter while adding a cluster in MISP version 2.4.171, leading to the execution of arbitrary scripts in the context of the user's session. This vulnerability has been assigned CVE-2023-37307.

Saflok KDF Vulnerability

The Saflok KDF vulnerability allows an attacker to derive keys by exploiting a weakness in the key derivation function. This can lead to unauthorized access and compromise of the system. This vulnerability does not have a CVE assigned yet.

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

The vulnerability in TitanNit Web Control 2.01 / Atemio 7600 allows an unauthorized attacker to execute system commands with elevated privileges by utilizing the 'getcommand' query in the application, resulting in root access.

Linux-x64 – XOR Encrypted Shellcode for execve() with /bin//sh Argument

The exploit involves creating a new process in Linux x86_64 by utilizing the execve() system call with an argument of /bin//sh. The shellcode is XOR encrypted, with the encrypted value being QWORD size (/bin - //sh). The assembly code uses XOR operations to set up the arguments for execve() and then executes the system call. The C code snippet demonstrates the execution of the shellcode from the stack.

Recent Exploits: