Suggest Exploit

Explore Vulnerabilities


Explore all Exploits:

WyreStorm APOLLO VX20 Incorrect Access Control Credentials Disclosure

A vulnerability exists in WyreStorm Apollo VX20 devices prior to version 1.3.58, allowing remote attackers to retrieve clear text credentials for the SoftAP Router's device configuration using an HTTP GET request. This can lead to unauthorized access to sensitive information. An attacker can exploit this issue by making an HTTP request to retrieve the credentials.

Human Resource Management System – SQL Injection

The Human Resource Management System project in PHP and MySQL version 1.0 is vulnerable to SQL injection through the 'employeeid' parameter. By injecting malicious SQL payloads, an attacker can manipulate the database and potentially extract sensitive information. This exploit has been successfully tested on Windows 10 Pro running XAMPP V3.3.0.

WordPress Plugin Duplicator < - Unauthenticated Sensitive Data Exposure to Account Takeover

A severe vulnerability has been found in the directory */wordpress/wp-content/backups-dup-lite/tmp/*. This vulnerability exposes detailed information about the site, including its configuration, directories, files, and grants unauthorized access to sensitive data within the database, posing a risk of brute force attacks on password hashes and potential system compromise.

Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore IDOR Vulnerability

The vulnerability allows an attacker to download arbitrary files from the Hitachi NAS (HNAS) System Management Unit (SMU) due to improper access controls. This vulnerability has been assigned CVE-2023-5808. An exploit script has been created by Arslan Masood (@arszilla) to demonstrate the issue. The affected version is < 14.8.7825.01, and the exploit has been tested on version 13.9.7021.04. By manipulating the JSESSIONID and JSESSIONIDSSO cookies, an attacker can download sensitive files from the system.

Cisco Firepower Management Center Authentication Bypass

The Cisco Firepower Management Center (FMC) versions,, and are vulnerable to an authentication bypass exploit. An attacker can exploit this vulnerability to bypass authentication and gain unauthorized access to the FMC web services interface, potentially leading to further compromise of the system. This vulnerability has been assigned CVE-2023-20048.

Sitecore – Remote Code Execution v8.2

The vulnerability in Sitecore versions 9.0 to 10.3 and 8.2 allows remote code execution, impacting all Experience Platform topologies (XM, XP, XC). An attacker can exploit this vulnerability to retrieve core connection strings. This vulnerability has been assigned CVE-2023-35813.

Recent Exploits: