Showing 1 - 25 of 519

Files from LiquidWorm

Real Name: Gjoko Krstic
Email address: private
First Active: 2007-07-26
Last Active: 2017-08-28
NethServer 7.3.1611 CSRF Create User / Enable SSH Access
Posted Aug 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

NethServer version 7.3.1611 suffers from a cross site request forgery vulnerability that allows you to create a user and enable SSH access.

tags | exploit, csrf
MD5 | 30902b438d0c118a9ace27dab197dbe2
NethServer 7.3.1611 Upload.json CSRF Script Insertion
Posted Aug 28, 2017
Authored by LiquidWorm | Site zeroscience.mk

NethServer version 7.3.1611 suffers from a cross site request forgery script insertion vulnerability in Upload.json.

tags | exploit, csrf
MD5 | a9980262ca1346b7e14b6a1188a41a1d
Automated Logic WebCTRL 6.5 Unrestricted File Upload Remote Code Execution
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.5 suffers from an unrestricted file upload vulnerability that allows for remote code execution.

tags | exploit, remote, code execution, file upload
advisories | CVE-2017-9650
MD5 | dfbd662ecb79e969664c3cfd3b845d91
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.1 suffers from path traversal and arbitrary file write vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2017-9640
MD5 | ba74d7e72b8d250b3eb5121245e82a5f
Automated Logic WebCTRL 6.5 Insecure File Permissions Privilege Escalation
Posted Aug 23, 2017
Authored by LiquidWorm | Site zeroscience.mk

Automated Logic WebCTRL version 6.5 suffers from an insecure file permission privilege escalation vulnerability.

tags | exploit
advisories | CVE-2017-9644
MD5 | bfe85c9a0561b977ce1f85fffe2a9011
DALIM SOFTWARE ES Core 5.0 Build 7184.1 XSS / CSRF
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | f45967f142034d6fe2d841c45f04a738
DALIM SOFTWARE ES Core 5.0 Build 7184.1 File Disclosure
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from multiple remote file disclosure vulnerabilities.

tags | exploit, remote, vulnerability
MD5 | c761202bc8de7da35dd69a0a76f5a0e4
DALIM SOFTWARE ES Core 5.0 Build 7184.1 SSRF
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a server-side request forgery vulnerability.

tags | exploit
MD5 | e4cf92df4fabe47cdccf21a808417f2f
DALIM SOFTWARE ES Core 5.0 Build 7184.1 User Enumeration
Posted Aug 9, 2017
Authored by LiquidWorm | Site zeroscience.mk

DALIM SOFTWARE ES Core version 5.0 build 7184.1 suffers from a user enumeration weakness.

tags | exploit
MD5 | 88880ef2ce8b63e81ebfb59d4e065708
Dasan Networks GPON ONT WiFi Router H64X Series System Config Download
Posted Jul 14, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a system configuration download vulnerability.

tags | exploit
MD5 | 32c6926d4b55f78a96e9330f3313ccb5
Dasan Networks GPON ONT WiFi Router H64X Series Privilege Escalation
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 870b4516ab12344f5a3e0b816499e21a
Dasan Networks GPON ONT WiFi Router H64X Series Cross Site Request Forgery
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | f8789c203d45686a1478547c8f7ef85b
Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass
Posted Jul 13, 2017
Authored by LiquidWorm | Site zeroscience.mk

Dasan Networks GPON ONT WiFi Router H64X Series does not properly perform authentication and authorization, allowing it to be bypassed through cookie manipulation. Setting the Cookie 'Grant' with value 1 (user) or 2 (admin) will bypass the security controls in place, enabling the attacker to take full control of the device management interface.

tags | exploit
MD5 | 2ac46a8fae0efacc57a1d3723fb041cc
Schneider Electric Pelco VideoXpert Missing Encryption
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert transmits sensitive data using double Base64 encoding for the Cookie 'auth_token' over a communication channel that can be sniffed by unauthorized actors, or read directly from the vxcore log file using a directory traversal attack, resulting in authentication bypass / session hijacking.

tags | exploit
MD5 | 29d6a13171a92249a789a85e02531e9e
Schneider Electric Pelco VideoXpert Core Admin Portal Directory Traversal
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco VideoXpert suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server.

tags | exploit, web, arbitrary
MD5 | dfa0df3c855819b71c9869725eccb056
Schneider Electric Pelco VideoXpert Privilege Escalation
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric Pelco VideoXpert is vulnerable to an elevation of privileges vulnerability that lets a simple user replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (full) for the 'Users' group, on several binary files. The service is installed by default to start on system boot with LocalSystem privileges. Attackers can replace the binary with their rootkit, and on reboot they get SYSTEM privileges.

tags | exploit
MD5 | 2fe804940583feed8e2672643c87628d
Schneider Electric Pelco Sarix/Spectra Cameras Root Remote Code Execution
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from an authenticated remote code execution vulnerability. The POST parameter 'enable_leds', located in the update() function called via the GeneralSetupController.php script, is not properly sanitised before being used in the writeLedConfig() function to set the LED state to on or off. A remote attacker can exploit this issue to execute arbitrary system commands, granting her system access with root privileges, using a specially crafted request and escape sequence to system shell.

tags | exploit, remote, arbitrary, shell, root, php, code execution
MD5 | f60def224c0da5db858f33bf6eef0e47
Schneider Electric Pelco Sarix/Spectra Cameras CSRF Enable SSH Root Access
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco IP cameras suffer from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 7cab066459f46bedf6175289966aec2e
Schneider Electric Pelco Sarix/Spectra Cameras XSS
Posted Jul 11, 2017
Authored by LiquidWorm | Site zeroscience.mk

Pelco cameras suffer from multiple DOM-based, stored and reflected XSS vulnerabilities: input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

tags | exploit, arbitrary, vulnerability
MD5 | 7f8219b6e322e2f71ec72c2c608d1040
SimpleRisk 20170416-001 Cross Site Scripting
Posted Jun 22, 2017
Authored by LiquidWorm | Site zeroscience.mk

SimpleRisk version 20170416-001 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | cc6ee041f9ef0acdd8e3fb8dbdcb6dfb
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
Posted Jun 4, 2017
Authored by LiquidWorm | Site zeroscience.mk

EnGenius EnShare suffers from an unauthenticated command injection vulnerability in which an attacker can inject and execute arbitrary code as the root user via the 'path' GET/POST parameter parsed by the 'usbinteract.cgi' script.

tags | exploit, arbitrary, cgi, root
MD5 | 6051f5e6ab0341318d0a8979089a82be
OV3 Online Administration 3.0 SQL Injection
Posted May 31, 2017
Authored by LiquidWorm | Site zeroscience.mk

OV3 Online Administration version 3.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | b45182a216390d5400da665f979cc9ad
OV3 Online Administration 3.0 Authenticated Code Execution
Posted May 31, 2017
Authored by LiquidWorm | Site zeroscience.mk

OV3 Online Administration version 3.0 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 4836439cfaece2fea647cf5c5b5bc314
OV3 Online Administration 3.0 Parameter Traversal Arbitrary File Access
Posted May 31, 2017
Authored by LiquidWorm | Site zeroscience.mk

OV3 Online Administration version 3.0 suffers from a traversal vulnerability that allows for arbitrary file access.

tags | exploit, arbitrary
MD5 | d59ba0c9c85323843417e3b44d2fa62b
CERIO 11nbg 2.4Ghz High Power Wireless Router (pekcmd) Rootshell Backdoors
Posted May 29, 2017
Authored by LiquidWorm | Site zeroscience.mk

CERIO 11nbg 2.4Ghz high power wireless router (pekcmd) has multiple backdoor accounts that yield rootshells.

tags | exploit
MD5 | 624f0bc5afb62a9c9c86abe9e5434ea1

© 2016 Packet Storm. All rights reserved.