13 matches found
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 – cPanel/WHM Auth Bypass + Root Password Changer...
Exploit for CVE-2026-41940
cPanel/WHM Auth Bypass Scanner & Exploit Tool A Go command-li...
CVE-2023-53771 MiniDVBLinux 5.4 Unauthenticated Root Password Change via System Setup
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials...
CVE-2023-53771
CVE-2023-53771 affects MiniDVBLinux 5.4. The vulnerability is an authentication bypass in the system-setup endpoint: remote attackers can craft POST requests with modified SYSTEM_PASSWORD to reset the root password. This is evidenced by multiple sources (Red Hat, EUVD, NVD, CVE lists) describing ...
EUVD-2009-2477
Malware in sbrugna...
EUVD-2018-10489
Malware in sbrugna...
CVE-2023-28972
An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system ports console insecure" is enabled, root login is disallowed for Junos OS as expected. However, the...
Default credentials
Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite remote. An attacker can overwrite system files like system.conf and passwd; this occurs because of the insecure usage of the "fopen" system function with the mode "wb" which allow...
EFM Networks ipTIME NAS1dual, NAS2dual, NAS4dual Cross-Site Request Forgery Vulnerability
EFM Networks ipTIME NAS1dual and others are network-attached storage devices from EFM Networks, Korea. A security vulnerability exists in EFM Networks ipTIME NAS1dual, NAS2dual, and NAS4dual versions prior to 1.4.86, which can be exploited by remote attackers to steal root privileges via a POST request...
CentOS Web Panel Cross-Site Request Forgery Vulnerability (CNVD-2019-40074)
CentOS Web Panel (CWP) is a free web-hosting control panel that makes it easy to manage multiple servers without having to access the server via SSH for every little task that needs to be done. A cross-site request forgery vulnerability exists in the "Forgot Password" feature in CentOS Web Panel...
CVE-2019-0035
CVE-2019-0035 describes an administrative bypass on Juniper Networks Junos OS. When the insecure console port setting is enabled, an attacker with physical access can change the root password on systems booted from an OAM volume using the command set system root-authentication plain-text-password...
Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution
!/usr/bin/python3 TARGET: AeroHive AP340 HiveOS $cmd"; die; ?" URL of the login page where we will inject our PHP command exec code so it poisons the log file posturl= "/login.php5?version=6.1r2" postfields = "loginauth" : "1", "miniHiveUI" : "1", "userName" : payloadinject, "password" : "1234"...
CVE-2015-6927
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...