ByteHunter

10 exploits Active since Feb 2023
CVE-2023-42793 NOMISEC CRITICAL WORKING POC
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
10 stars
CVSS 9.8
CVE-2023-42793 NOMISEC CRITICAL WORKING POC
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVSS 9.8
CVE-2023-5222 EXPLOITDB MEDIUM python WORKING POC
Viessmann Vitogate 300 <2.1.3.0 - Hard-Coded Password
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2024-5910 EXPLOITDB CRITICAL python WORKING POC
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
CVSS 9.8
CVE-2024-30269 EXPLOITDB MEDIUM python WORKING POC
dataease < 2.5.0 - Unauthenticated Exposure of Sensitive Database Configuration via /de2api/engine/getEngine;.js
DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the `/de2api/engine/getEngine;.js` path via a browser reveals that the platform's database configuration is returned. The vulnerability has been fixed in v2.5.0. No known workarounds are available aside from upgrading.
CVSS 5.3
CVE-2023-42793 EXPLOITDB CRITICAL python WORKING POC
JetBrains TeamCity < 2023.05.4 - Unauthenticated Remote Code Execution
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVSS 9.8
CVE-2023-5702 EXPLOITDB MEDIUM python WORKING POC
Viessmann Vitogate 300 <2.1.3.0 - Direct Request
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2023-3710 EXPLOITDB CRITICAL python WORKING POC
Honeywell PM43 Firmware < P10.19.050004 - Command Injection via Printer Web Page Modules
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
CVSS 9.9
CVE-2023-23333 EXPLOITDB CRITICAL python WORKING POC
SolarView Compact Firmware <= 6.00 - Remote Command Execution via downloader.php
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
CVSS 9.8
EIP-2026-101425 EXPLOITDB python WORKING POC
Ruijie Switch PSG-5124 26293 - Remote Code Execution (RCE)