88 matches found
ethical-hacking-excersises
Exploitation Techniques – Course Exercises Repository Over...
CVE-2025-65427
An issue was discovered in the Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0: it does not implement rate limiting on /api/login, allowing attackers to brute force password enumerations...
CVE-2021-47707
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...
EUVD-2021-34732
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel...
PT-2025-50237
Name of the Vulnerable Software and Affected Versions: COMMAX CVD-Axx DVR version 5.1.4. Description: The COMMAX CVD-Axx DVR contains weak default administrative credentials, enabling remote password attacks and disclosure of RTSP streams. An attacker can exploit this by sending a POST request to an...
Exploit for OS Command Injection in Vsftpd_Project Vsftpd
Task-4-Exploitation-System-Security Internship: ApexPlanet —...
Harden your identity defense with improved protection, deeper correlation, and richer context
In today’s digital-first enterprise, identities have become the new corporate security perimeter. Hybrid work and cloud-first strategies have dissolved traditional network boundaries and dramatically increased the complexity of identity fabrics. Security teams are left managing a constellation of...
EUVD-2010-2971
Malware in sbrugna...
EUVD-2001-1447
Malware in sbrugna...
EUVD-2017-16559
Malware in sbrugna...
EUVD-2021-28326
Malicious code in bioql PyPI...
EUVD-2023-59126
Malicious code in bioql PyPI...
EUVD-2023-58039
Malicious code in bioql PyPI...
CVE-2023-5754
Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks to gain full control of the system...
CVE-2023-6928
EuroTel ETL3100 versions v01c01 and v01x37 do not limit the number of attempts to guess administrative credentials in remote password attacks to gain full control of the system...
CVE-2020-14484
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks...
ABB Cylon FLXeon 9.3.4 - Default Credentials
ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series ABB UC32 Series Main Plant Controllers Cylon's UnitronUC32.xx Firmware: =9.3.4...
Linux Distros Unpatched Vulnerability : CVE-2023-6681
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary...
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second just in Entra ID (a 75% increase from last year) and phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers ofte...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...