Showing 1 - 25 of 530

Files from LiquidWorm

Real Name: Gjoko Krstic
Email address: private
First Active: 2007-07-26
Last Active: 2017-11-15
Allworx Server Manager 6x / 6x12 / 48x Cross Site Scripting
Posted Nov 15, 2017
Authored by LiquidWorm | Site zeroscience.mk

Allworx Server Manager versions 6x, 6x12, and 48x suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 03843045c240dd5452b85689aaa3d6b7
Mikogo 5.4.1.160608 Local Credentials Disclosure
Posted Oct 24, 2017
Authored by LiquidWorm | Site zeroscience.mk

Mikogo version 5.4.1.160608 is vulnerable to local credential disclosure. The supplied password is stored in memory as an MD5 hash. A potential attacker could reveal the supplied password hash and re-use it or store it via the configuration file in order to gain access to the account.

tags | exploit, local
MD5 | 419a8443310d3d0785a7ddbe412a4f5d
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the camera.

tags | exploit
systems | linux
MD5 | e592ff3872f75caea44a65c9cf351b4d
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR suffers from an unauthenticated and unauthorized live stream disclosure.

tags | exploit
MD5 | e03a021e70dd4edfd74eb548605eefff
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems thermal cameras have an issue where input passed through several parameters is not properly verified before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files from local resources.

tags | exploit, arbitrary, local
MD5 | 4332adce3a8ca1290398c21e9a461f0e
FLIR Systems FLIR Thermal Camera PT-Series (PT-334 200562) Remote Root
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR Camera PT-Series suffers from multiple unauthenticated remote command injection vulnerabilities. The vulnerability exists because several POST parameters in the controllerFlirSystem.php script are not sanitized when the execFlirSystem() function passes them to the shell_exec() PHP function while updating the network settings on the affected device. This allows the attacker to execute arbitrary system commands as the root user and bypass access controls in place.

tags | exploit, remote, arbitrary, root, php, vulnerability
MD5 | 5ddf109d3a422df75105565034f680b0
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection
Posted Sep 25, 2017
Authored by LiquidWorm | Site zeroscience.mk

FLIR FC-S/PT series suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user.

tags | exploit, arbitrary, shell, root
MD5 | 636a089048b47449c889902485301766
NethServer 7.3.1611 CSRF Create User / Enable SSH Access
Posted Aug 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

NethServer version 7.3.1611 suffers from a cross site request forgery vulnerability that allows you to create a user and enable SSH access.

tags | exploit, csrf
MD5 | 30902b438d0c118a9ace27dab197dbe2
NethServer 7.3.1611 Upload.json CSRF Script Insertion
Posted Aug 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

NethServer version 7.3.1611 suffers from a cross site request forgery script insertion vulnerability in Upload.json.

tags | exploit, csrf
MD5 | a9980262ca1346b7e14b6a1188a41a1d
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file upload
advisories | CVE-2017-9650
MD5 | dfbd662ecb79e969664c3cfd3b845d91
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2017-9640
MD5 | ba74d7e72b8d250b3eb5121245e82a5f
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-9644
MD5 | bfe85c9a0561b977ce1f85fffe2a9011
DALIM SOFTWARE ES Core 5.0 Build 7184.1 XSS / CSRF
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f45967f142034d6fe2d841c45f04a738
DALIM SOFTWARE ES Core 5.0 Build 7184.1 File Disclosure
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from multiple remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | c761202bc8de7da35dd69a0a76f5a0e4
DALIM SOFTWARE ES Core 5.0 Build 7184.1 SSRF
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a server-side request forgery vulnerability.

tags | exploit
MD5 | e4cf92df4fabe47cdccf21a808417f2f
DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a user enumeration weakness.

tags | exploit
MD5 | 88880ef2ce8b63e81ebfb59d4e065708
Dasan Networks GPON ONT WiFi Router H64X Series System Config Download
Posted Jul 14, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a system configuration download vulnerability.

tags | exploit
MD5 | 32c6926d4b55f78a96e9330f3313ccb5
Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 870b4516ab12344f5a3e0b816499e21a
Dasan Networks GPON ONT WiFi Router H64X Series Cross Site Request Forgery
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | f8789c203d45686a1478547c8f7ef85b
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie 'Grant' with value 1 (user) or 2 (admin) will bypass security controls in place enabling the attacker to take full control of the device management interface.

tags | exploit
MD5 | 2ac46a8fae0efacc57a1d3723fb041cc
Schneider Electric Pelco VideoXpert Missing Encryption
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' over a communication channel that can be sniffed by unauthorized actors. The token can also be read directly from the vxcore log file using a directory traversal attack, resulting in authentication bypass / session hijacking.

tags | exploit
MD5 | 29d6a13171a92249a789a85e02531e9e
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.

tags | exploit, web, arbitrary
MD5 | dfa0df3c855819b71c9869725eccb056
Schneider Electric Pelco VideoXpert Privilege Escalation
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability that allows a simple user to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, on several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

tags | exploit
MD5 | 2fe804940583feed8e2672643c87628d
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from an authenticated remote code execution vulnerability. The POST parameter 'enable_leds', handled in the update() function called via the GeneralSetupController.php script, is not properly sanitised before being used in the writeLedConfig() function to set the LED state to on or off. A remote attacker can exploit this issue and execute arbitrary system commands, granting her system access with root privileges, using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
MD5 | f60def224c0da5db858f33bf6eef0e47
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 7cab066459f46bedf6175289966aec2e

© 2016 Packet Storm. All rights reserved.