exploit the possibilities
Showing 1 - 25 of 764 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2021-05-07
View User Profile
Epic Games Easy Anti-Cheat 4.0 Local Privilege Escalation
Posted May 7, 2021
Authored by LiquidWorm | Site zeroscience.mk

Epic Games Easy Anti-Cheat version 4.0 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 20d43a191de2ac386670c70f501ff4ba
Epic Games Rocket League 1.95 Stack Buffer Overrun
Posted May 3, 2021
Authored by LiquidWorm | Site zeroscience.mk

Epic Games Rocket League version 1.95 suffers from a stack-based buffer overflow vulnerability. The issue is caused due to a boundary error in the processing of a UPK format file, which can be exploited to cause a stack buffer overflow when a user crafts the file with a large array of bytes inserted in the vicinity offset after the magic header. Successful exploitation could allow execution of arbitrary code on the affected machine.

tags | exploit, overflow, arbitrary
MD5 | ba2e463a8ce18d40968287a8781e6309
Epic Games Rocket League 1.95 Insecure Permissions
Posted May 3, 2021
Authored by LiquidWorm | Site zeroscience.mk

Epic Games Rocket League versions 1.95 and below suffer from an insecure permissions vulnerability.

tags | exploit
MD5 | 9ed5a4f67cb00f02b0ffb67ded384d2c
Sipwise C5 NGCP CSC Cross Site Request Forgery
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, web
advisories | CVE-2021-31584
MD5 | e7d898fb2b62a3d6bc51dbf8df132928
Sipwise C5 NGCP CSC Cross Site Scripting
Posted Apr 23, 2021
Authored by LiquidWorm | Site zeroscience.mk

Sipwise software platform suffers from multiple authenticated stored and reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Versions affected include CE_m39.3.1 and below and NGCP www_admin version 3.6.7.

tags | exploit, arbitrary, vulnerability, xss
advisories | CVE-2021-31583
MD5 | e8a251a6a3bb2fbde253ad48c129475c
ZBL EPON ONU Broadband Router 1.0 Remote Privilege Escalation
Posted Apr 1, 2021
Authored by LiquidWorm | Site zeroscience.mk

ZBL EPON ONU Broadband Router version 1.0 suffers from a privilege escalation vulnerability. The limited administrative user (admin:admin) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint or the password page and disclose the http super user password. Once authenticated as super, an attacker will be granted access to additional and privileged functionalities.

tags | exploit, web
MD5 | 4607935e1f6b2fc71ba56373899167b5
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insufficient Session Expiration
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse user's session identifiers.

tags | exploit, web
MD5 | 84f580c69eb4c4b67b39a30f8f592c3a
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Privilege Escalation
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from a privilege escalation vulnerability. The non-privileged default user (user:user123) can elevate his/her privileges by sending a HTTP GET request to the configuration export endpoint and disclose the admin password. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

tags | exploit, web
MD5 | dd6d3f0b7899d4ca7fe2150949c8b308
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and full system access.

tags | exploit, web, cgi
MD5 | 1d8b3dfcfefc72d5cdcf8b936e80404e
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Device Reboot
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to restart the device with an HTTP GET request to /goform/RestartDevice page.

tags | exploit, web
MD5 | bdaea7da6759d7010755dac41c4e9199
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Factory Reset
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 allows unauthenticated attackers to visit the unprotected /goform/LoadDefaultSettings endpoint and reset the device to its factory default settings. Once the GET request is made, the device will reboot with its default settings allowing the attacker to bypass authentication and take full control of the system.

tags | exploit
MD5 | cf7093a93ef32ed17a151baf6bc19791
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Log Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has an unprotected web management server that is vulnerable to sensitive information disclosure vulnerability. An unauthenticated attacker can visit the syslog page and disclose the webserver's log file containing system information running on the device.

tags | exploit, web, info disclosure
MD5 | 5355e78b600626554654f401bfe4118d
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Insecure Direct Object Reference
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an insecure direct object reference vulnerability.

tags | exploit
MD5 | d1b12dafef4bdd9f745273625e0f2617
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Remote Code Execution
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 has several backdoors and hidden pages that allow for remote code execution, overwriting of the bootrom, and enabling debug mode.

tags | exploit, remote, code execution
MD5 | 90b3d2dea4b497955070ee3ed9a3f266
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Weak Default WiFi Password Algorithm
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 generates its SSID and password based on the WAN MAC address.

tags | exploit
MD5 | 7e5b5ebc4a7a2a56b06b04aff7a184b9
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Hard-Coded Credentails / Shell Access
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 utilizes hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the router.

tags | exploit
systems | linux
MD5 | e73456784d21e441ba4eacb5392c83b2
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authentication Bypass
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authentication bypass vulnerability. An unauthenticated attacker can disclose sensitive and clear-text information resulting in authentication bypass by downloading the configuration of the device and revealing the admin password.

tags | exploit, bypass
MD5 | e9c689c7edb292edf9f63d1991b4a4cd
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Authenticated Command Injection
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

KZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the pingAddr HTTP POST parameter bypassing the injection protection filter.

tags | exploit, web, arbitrary, shell
MD5 | 1a328f5c085e43fdbc6aa762de109b6f
SOYAL 701Client 9.0.1 Insecure Permissions
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL 701Client version 9.0.1 suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | 6421226bd5aed765b397010c39c1368d
SOYAL 701Server 9.0.1 Insecure Permissions
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL 701Server version 9.0.1 suffers from an insecure permissions vulnerability.

tags | exploit
MD5 | 3b51fa9ee0f73925df5fd8339e92606f
SOYAL Biometric Access Control System 5.0 Cross Site Request Forgery
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

SOYAL Biometric Access Control System version 5.0 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 2893ad78302b33102388b180dc19506d
SOYAL Biometric Access Control System 5.0 Weak Default Credentials
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The web control panel SOYAL Biometric Access Control System version 5.0 uses a weak set of default administrative credentials (no password) that can be easily guessed in remote password attacks.

tags | exploit, remote, web
MD5 | 5c21b980433cae71313be94d4387bd2e
SOYAL Biometric Access Control System 5.0 Master Code Disclosure
Posted Mar 19, 2021
Authored by LiquidWorm | Site zeroscience.mk

The controller in SOYAL Biometric Access Control System version 5.0 suffers from a cleartext transmission of sensitive information. This allows interception of the HTTP traffic and disclose the Master code and the Arming code via a man-in-the-middle attack. An attacker can obtain these codes to enter into the controller's Programming mode and bypass physical security controls in place.

tags | exploit, web
MD5 | 1beb802bc3fbde60c391b10c557c6ae8
NuCom 11N Wireless Router 5.07.90 Remote Privilege Escalation
Posted Mar 10, 2021
Authored by LiquidWorm | Site zeroscience.mk

NuCom 11N Wireless Router version 5.07.90 suffers from a remote privilege escalation vulnerability. The non-privileged default user (user:user) can elevate his/her privileges by sending a HTTP GET request to the configuration backup endpoint and disclose the http super password (admin credentials) in Base64 encoded value. Once authenticated as admin, an attacker will be granted access to the additional and privileged pages.

tags | exploit, remote, web
MD5 | 3e5b31a9ca75c80c897dddb08355d3a0
SmartFoxServer 2X 2.17.0 Remote Code Execution
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-26551
MD5 | 2db834152ee7e493d99bb63e98a6d779
Page 1 of 31
Back12345Next

File Archive:

May 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    1 Files
  • 2
    May 2nd
    4 Files
  • 3
    May 3rd
    27 Files
  • 4
    May 4th
    17 Files
  • 5
    May 5th
    3 Files
  • 6
    May 6th
    32 Files
  • 7
    May 7th
    11 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    0 Files
  • 10
    May 10th
    0 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close