Showing 1 - 25 of 805

Files from LiquidWorm

Real Name: Gjoko Krstic
Email address: private
First Active: 2007-07-26
Last Active: 2022-05-03
Tenda HG6 3.3.0 Remote Command Injection
Posted May 3, 2022
Authored by LiquidWorm | Site zeroscience.mk

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in the formPing, formPing6, formTracert and formTracert6 interfaces.

tags | exploit, remote, web, arbitrary, shell
SHA-256 | 49f6e50dad2f50c5f9bee5f1105d5092b826a6f5ba27d2193fc00498390e1373
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Posted Apr 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.

tags | exploit
systems | linux
SHA-256 | f2b44867a9d3fc671d927368e7311aaf4147f3f58be89622912f7a0f06ebb5cc
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cookie user password disclosure vulnerability.

tags | exploit
SHA-256 | c2881fbdfd83e5084b73c774d6a48d7ea8cc6074ddb613b6d320455618a8a3c0
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 041e8cd64bd7b2f293e27b87159e8111d1c2036b0e159bc4eccd5b8d7613ca58
Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 29cb721e83f960d667cf6c98532f19aade113ac4dead4421a2632694ec3913c0
Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm
Posted Apr 13, 2022
Authored by LiquidWorm | Site zeroscience.mk

Verizon's 4G LTE Network Extender uses a weak default admin password generation algorithm. The password is generated using the last 4 values from the device's MAC address, which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string LTEFemto, resulting in something like LTEFemtoD080 as the default Admin password. Versions GA4.38 through 0.4.038.2131 are affected.

tags | exploit
SHA-256 | 59ce4ad0a80db9115ae14b1ebb563c934a8d4e694bb93586a6f38b338e1ab98d
ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure
Posted Mar 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICT Protege GX/WX version 2.08 suffers from a client-side SHA1 password hash disclosure vulnerability.

tags | exploit
SHA-256 | f203bc1b35e3b9d44818d0680ff7a367ed1eac4fa488fe060a5c8a1fec93d479
ICT Protege GX/WX 2.08 Cross Site Scripting
Posted Mar 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICT Protege GX/WX version 2.08 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0761967ed7f26d12def00046c1c81a51292379f6aee38f2875fd95654cb59e1a
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
Posted Feb 22, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.

tags | exploit
advisories | CVE-2022-25359
SHA-256 | 692f4de735fbbad8010644968c54cdfe4e595dc3154860210526aa667a9f2e0c
H3C SSL VPN Username Enumeration
Posted Feb 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

H3C SSL VPN suffers from a username enumeration vulnerability during the login sequence.

tags | exploit
SHA-256 | dfee4cf29211a5243ad88690480fda707d2c3e7a7d71e2ad687f07a80c49882e
Fetch Softworks Fetch FTP Client 5.8 Denial Of Service
Posted Jan 28, 2022
Authored by LiquidWorm | Site zeroscience.mk

Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49d
OpenBMCS 2.4 Secret Disclosure
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from a secret disclosure vulnerability.

tags | exploit
SHA-256 | a40e30c16f0d2888ff426295f31b93b41116fcc4eb79213fafc80f0a5c06510b
OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion
SHA-256 | 505b78cffe8b2f1b771d3702d316ef5c1753e49ac00b67466b0784a71a1ea915
OpenBMCS 2.4 Remote Privilege Escalation
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

Proof of concept exploit for OpenBMCS version 2.4 that creates an administrator by leveraging a remote privilege escalation vulnerability.

tags | exploit, remote, proof of concept
SHA-256 | dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7ea
OpenBMCS 2.4 SQL Injection
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3aeb898ad8ef01997d5126cc60a9a27460e4a21f989924b572387e47ffec85ff
OpenBMCS 2.4 Cross Site Request Forgery
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 49761c5a766632d48b5e2db091385ef7d796cdc174fb58a9f84c48a390e63d92
meterN 1.2.3 Remote Command Execution
Posted Dec 14, 2021
Authored by LiquidWorm | Site zeroscience.mk

meterN version 1.2.3 suffers from an authenticated remote command execution vulnerability.

tags | exploit, remote
SHA-256 | d03478d19f799c6fe12536a7b5353c838ea40fb8825294f625cab67028553daa
Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery
Posted Dec 14, 2021
Authored by LiquidWorm | Site zeroscience.mk

Zucchetti Axess CLOKI Access Control version 1.64 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5ee851be27389c34fce6b6b8f31ca356b97517cee36216ebce3cf2a59bf0d6a4
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
Posted Nov 2, 2021
Authored by LiquidWorm | Site zeroscience.mk

i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies to deletion of the administrative account. The logic behind this restriction can be bypassed through parameter manipulation using dangerous verbs like PUT and DELETE, because of improper server-side validation. Once a normal account with viewer or operator permissions has been added by the default admin user i3admin, a PUT request can be issued calling the UserPermission endpoint with the ID of the created account to set it to the admin userType, successfully adding a second administrative account.

tags | exploit
SHA-256 | 3e641781592da07922dd7ee30daf5267b6d7f9b85ed06f3a2968275095a40591
Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection
Posted Oct 11, 2021
Authored by LiquidWorm | Site zeroscience.mk

Cypress Solutions CTM-200 wireless gateway version 2.7.1 suffers from an authenticated semi-blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'ctm-config-upgrade.sh' script leveraging the 'fw_url' POST parameter used in the cmd upgreadefw as argument, called by ctmsys() as pointer to execv() and make_wget_url() function to the wget command in /usr/bin/cmdmain ELF binary.

tags | exploit, arbitrary, shell, root
SHA-256 | 3c5b924eea85063a32d4abf12a102470e52fe008b637d8c375ec9d27c3e4f296
Cypress Solutions CTM-200/CTM-ONE Hard-Coded Credentials Remote Root
Posted Oct 11, 2021
Authored by LiquidWorm | Site zeroscience.mk

Cypress Solutions CTM-200/CTM-ONE suffers from a hard-coded credential remote root vulnerability via telnet and ssh.

tags | exploit, remote, root
SHA-256 | c6e807601e506777669f00a74526a7064066038cba2f8103bedd98cb559088c8
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Privilege Escalation
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 suffers from a remote privilege escalation vulnerability.

tags | exploit, remote
SHA-256 | 6ef66ed70e92ad612290d98df48054d67d1c964e07a0683eaed0ee4abc38ad4e
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

tags | exploit
SHA-256 | 76986786233f93566ddb9953be6f98bfa450885a5ac241ed16617a8870a9ff2b
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.

tags | exploit, web
SHA-256 | c9208e538a5afc70b3635572f890f2667c94de059d48740427d2b3abf186786c
FatPipe Networks WARP 10.2.2 Authorization Bypass
Posted Sep 28, 2021
Authored by LiquidWorm | Site zeroscience.mk

FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.

tags | exploit, bypass
SHA-256 | d011bfaa75604c3b3dc63ad611330b11fc8a534120edc38f724e1a4f58929d87
© 2022 Packet Storm. All rights reserved.
