exploit the possibilities
Showing 1 - 25 of 595 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2019-03-18
View User Profile
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Posted Mar 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 98a9960106f1cef1cf55ce4666251455
Intel Modular Server System 10.18 Cross Site Request Forgery
Posted Mar 13, 2019
Authored by LiquidWorm | Site zeroscience.mk

Intel Modular Server System version 10.18 cross site request forgery change administrative password exploit.

tags | exploit, csrf
MD5 | 9b4252f03c063c8bd9ec324f85d64cef
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution
Posted Mar 11, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (sdl2.dll and libegl.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote WebDAV or SMB share. Version 2.8.0 is affected.

tags | exploit, remote, arbitrary
MD5 | 7aee5a2862d6abbe08b84cd641d5b068
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from two authenticated command injection vulnerabilities. The issues can be triggered when calling ServerName or TimeZone GET parameters via the servertest page. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, arbitrary, root, vulnerability, code execution
MD5 | f23f6c76299553ece645020b9e371c87
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from an authenticated file disclosure vulnerability. Input passed via the 'READ.filePath' parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.

tags | exploit, arbitrary
MD5 | 180edc8c969ba13aff69b78acb0a5626
BEWARD N100 H.264 VGA IP Camera M2.1.6 Cross Site Request Forgery
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera version M2.1.6 suffers from a cross site request forgery vulnerability. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web, csrf
MD5 | 2eed9bbda22111e9816aab55c98c6681
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure
Posted Feb 5, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD N100 H.264 VGA IP Camera M2.1.6 suffers from an unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
MD5 | 3817ffc920ddabf03769e39fa1c05d7f
BEWARD Intercom 2.3.1 Credential Disclosure
Posted Jan 28, 2019
Authored by LiquidWorm | Site zeroscience.mk

BEWARD Intercom version 2.3.1 suffers from a credential disclosure vulnerability.

tags | exploit
MD5 | 7884141c3e0110f9f4f73d09f95694b5
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 XSS
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a stored cross site scripting vulnerability. The issue is triggered via unrestricted file upload while restoring a config file allowing the attacker to upload an html or javascript file that will be stored in /settings/poc.html. This can be exploited to execute arbitrary HTML or JS code in a user's browser session in context of an affected site.

tags | exploit, arbitrary, javascript, xss, file upload
MD5 | c29aaada51feda9d709457babad0536e
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 CSRF
Posted Jan 7, 2019
Authored by LiquidWorm | Site zeroscience.mk

Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | a2b93d0ff2e78ec2b0c4b4e70abb218f
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-0801DU version 7.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | c58aeb7ef6b68b80d63bcfe2db7d1b15
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
Posted Nov 19, 2018
Authored by LiquidWorm | Site zeroscience.mk

Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving her the power to turn off a power supply to a resource.

tags | exploit, cgi, bypass
MD5 | b35aa71589ba337fad0f50e2db1dd972
Microsoft Internet Explorer 11 Tree::Notify_InvalidateDisplay Null Pointer Dereference
Posted Nov 5, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microsoft Internet Explorer 11 suffers from a null pointer dereference vulnerability in Tree::Notify_InvalidateDisplay.

tags | exploit
MD5 | 25fc4b591fd4c93897c9727e2564bf0f
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection
Posted Nov 1, 2018
Authored by LiquidWorm | Site zeroscience.mk

CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. Upon importing, the application will launch Excel program and execute the malicious macro formula.

tags | exploit, arbitrary
MD5 | f17d0ab71ad68426099534dd08d3f455
TP-Link TL-SC3130 1.6.18 Unauthenticated RTSP Stream Disclosure
Posted Oct 17, 2018
Authored by LiquidWorm | Site zeroscience.mk

TP-Link TL-SC3130 version 1.6.18 suffers from an unauthenticated and unauthorized live RTSP stream disclosure.

tags | exploit
advisories | CVE-2018-18428
MD5 | e029e95c170246483700a76a5b7644d8
FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
MD5 | c9e086de25a24942ecb2ff6455cc9e3a
FLIR Systems FLIR Brickstream 3D+ Unauthenticated Config Download File Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR Brickstream 3D+ sensor is vulnerable to unauthenticated config download and file disclosure vulnerability when calling the ExportConfig REST API (getConfigExportFile.cgi). This will enable the attacker to disclose sensitive information and help her in authentication bypass, privilege escalation and/or full system access.

tags | exploit, cgi
MD5 | 1713c8fd894c04a7b7bca5abd747a8a4
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Hard-coded Credentials Shell Access
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access.

tags | exploit, web, shell
systems | linux
MD5 | 33ffa851ac663c1ab4b0b5c38033d8e6
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed via the 'file' parameter in download.php is not properly verified before being used to download config files. This can be exploited to disclose the contents of arbitrary files via absolute path.

tags | exploit, arbitrary, php
MD5 | acdaa748301edd2bc81cd2080da980c7
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 RTSP Stream Disclosure
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers an unauthenticated and unauthorized live RTSP video stream access.

tags | exploit
MD5 | 12f0bc57b7afd9426d7045450ba3c350
FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Remote Root
Posted Oct 15, 2018
Authored by LiquidWorm | Site zeroscience.mk

The FLIR AX8 thermal sensor camera version 1.32.16 suffers from two unauthenticated command injection vulnerabilities. The issues can be triggered when calling multiple unsanitized HTTP GET/POST parameters within the shell_exec function in res.php and palette.php file. This can be exploited to inject arbitrary system commands and gain root remote code execution.

tags | exploit, remote, web, arbitrary, root, php, vulnerability, code execution
MD5 | d06114bdae6c5e38a699adb6567a8ba2
FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffers from a websocket device manipulation vulnerability.

tags | exploit
MD5 | 1758b25f8d73cbe768557470cb4ec024
FLIR Systems FLIR Thermal Traffic Cameras RTSP Stream Disclosure
Posted Oct 8, 2018
Authored by LiquidWorm | Site zeroscience.mk

FLIR Systems FLIR thermal traffic cameras suffer from an RTSP stream disclosure vulnerability.

tags | exploit
MD5 | 500bbb1808ed3b7c4e433fc3334c1985
NovaRad NovaPACS Diagnostics Viewer 8.5 File Disclosure
Posted Sep 5, 2018
Authored by LiquidWorm | Site zeroscience.mk

NovaRad NovaPACS Diagnostics Viewer version 8.5 suffers from an XML external entity injection vulnerability that allows for file disclosure.

tags | exploit
MD5 | e85d4489d58f26bca437667c877df4a6
Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Backdoor Jailbreak
Posted Jul 16, 2018
Authored by LiquidWorm | Site zeroscience.mk

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems have a web shell application that includes a service called Microhard Sh that is documented only as 'reserved for internal use'. This service can be enabled by an authenticated user within the Services menu in the web admin panel. This can also be enabled via CSRF attack. When the service is enabled, a user 'msshc' is created on the system with password 'msshc' for SSH shell access on port 22. When connected, the user is dropped into a NcFTP jailed environment, that has limited commands for file transfer administration. One of the commands is a custom added 'ping' command that has a command injection vulnerability that allows the attacker to escape the restricted environment and enter into a root shell terminal that can execute commands as the root user. Many versions are affected.

tags | exploit, web, shell, root
MD5 | 3679d738983dec17aa3243aa408c3212
Page 1 of 24
Back12345Next

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close