Latest Exploit Articles
[webapps] React Server 19.2.0 - Remote Code Execution
React Server 19.2.0 - Remote Code Execution
[webapps] RomM 4.4.0 - XSS_CSRF Chain
RomM 4.4.0 - XSS_CSRF Chain
[webapps] Jumbo Website Manager - Remote Code Execution
Jumbo Website Manager - Remote Code Execution
[local] ZSH 5.9 - RCE
ZSH 5.9 - RCE
[webapps] FortiWeb 8.0.2 - Remote Code Execution
FortiWeb 8.0.2 - Remote Code Execution
Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout
The IQ4xx building management controller, manufactured by Honeywell, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User (level 100) context, granting read/write...
Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure
The Tattile cameras suffer from an unauthenticated and unauthorized live RTSP video stream access.
Tattile Cameras 1.181.5 Use of Default Credentials
The Tattile cameras ship with default credentials that remain active after installation and commissioning without enforcing a mandatory password change.
Tattile Cameras 1.181.5 Insufficient Token (X-User-Token) Expiration
The application suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or tokens for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.
eNet SMART HOME server 2.3.1 (setUserGroup) Remote Privilege Escalation
The eNet Smart Home system suffers from a privilege escalation vulnerability due to insufficient authorization checks in the JSON-RPC endpoint for user management. A low-privileged user, can exploit the "setUserGroup" method by sending a crafted POST request to /jsonrpc/management, specifying their own username and...