what you don't know can hurt you
Showing 1 - 25 of 740 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2021-02-08
View User Profile
SmartFoxServer 2X 2.17.0 Remote Code Execution
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2021-26551
MD5 | 2db834152ee7e493d99bb63e98a6d779
SmartFoxServer 2X 2.17.0 Credential Disclosure
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a credential disclosure vulnerability.

tags | exploit
advisories | CVE-2021-26550
MD5 | 5ad1821f1742d2c526f833b3e3273cd8
SmartFoxServer 2X 2.17.0 God Mode Console WebSocket Cross Site Scripting
Posted Feb 8, 2021
Authored by LiquidWorm | Site zeroscience.mk

SmartFoxServer 2X version 2.17.0 suffers from a God Mode Console cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-26549
MD5 | 30b757cb9848d6b6428c7255e97ca242
STVS ProVision 5.9.10 Cross Site Request Forgery
Posted Jan 27, 2021
Authored by LiquidWorm | Site zeroscience.mk

STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9d1413e4356b04442edd4cf4047a66f3
STVS ProVision 5.9.10 Cross Site Scripting
Posted Jan 27, 2021
Authored by LiquidWorm | Site zeroscience.mk

STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.

tags | exploit, xss
MD5 | aaa0dc980b48c821d79d69d4b74d19ab
STVS ProVision 5.9.10 File Disclosure
Posted Jan 27, 2021
Authored by LiquidWorm | Site zeroscience.mk

STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.

tags | exploit
MD5 | d31975430c3a6921d40248700c0fd3b4
Selea CarPlateServer 4.0.1.6 Remote Program Execution
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea CarPlateServer (CPS) version 4.0.1.6 suffers from a remote program execution vulnerability.

tags | exploit, remote
MD5 | b508ef5c28adbddbdd545c151338231f
Selea CarPlateServer 4.0.1.6 Local Privilege Escalation
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea CarPlateServer (CPS) version 4.0.1.6 suffers from a local privilege escalation vulnerability.

tags | exploit, local
MD5 | 1fdb0ca0e6a83adb86d6020b489e504c
Selea Targa IP OCR-ANPR Camera Remote Code Execution
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated remote code execution vulnerability. Multiple versions and firmwares are affected.

tags | exploit, remote, code execution
MD5 | 1f6d65c1d8aae316ebd469a5c5656095
Selea Targa IP OCR-ANPR Camera Stream Disclosure
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated RTP/RTSP/M-JPEG stream disclosure vulnerability. Multiple versions and firmwares are affected.

tags | exploit
MD5 | 885ab3fab2a7b9e95a83070d4921db46
Selea Targa IP OCR-ANPR Camera Cross Site Request Forgery
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from a cross site request forgery vulnerability that allows for adding an administrator. Multiple versions and firmwares are affected.

tags | exploit, csrf
MD5 | be38ae0d2e3c159a66288558c320fb05
Selea Targa IP OCR-ANPR Camera Server-Side Request Forgery
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated server-side request forgery vulnerability. Multiple versions and firmwares are affected.

tags | exploit
MD5 | 59086743ae56ccfe510616b711f3b59a
Selea Targa IP OCR-ANPR Camera Directory Traversal
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from an unauthenticated directory traversal vulnerability that allows for file disclosure. Multiple versions and firmwares are affected.

tags | exploit
MD5 | e108949a8210e2e7a6cb54e9dc8ce016
Selea Targa IP OCR-ANPR Camera Developer Backdoor Config Overwrite
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera has a hard-coded password for a hidden and undocumented /dev.html page that enables the vendor to enable configuration upload / overwrite to the affected device using the checkManufacturer() function through an AJAX method. Multiple versions and firmwares are affected.

tags | exploit
MD5 | 214aebd00c61892818653846edb0adda
Selea Targa IP OCR-ANPR Camera Cross Site Scripting
Posted Jan 22, 2021
Authored by LiquidWorm | Site zeroscience.mk

Selea Targa IP OCR-ANPR Camera suffers from a persistent cross site scripting vulnerability. Multiple versions and firmwares are affected.

tags | exploit, xss
MD5 | c96a1da8081f5c2db7459923bd5b135f
Arteco Web Client DVR/NVR Session Hijacking
Posted Dec 24, 2020
Authored by LiquidWorm | Site zeroscience.mk

The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream.

tags | exploit, remote, web
MD5 | cb6db35d7f26517c312bbf4e1a19976e
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability by including arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) when adding content though the input URL material of type html. This allows hijacking of the current session of the user, execute cross-site scripting code, or changing the look of the page and content modification on current display.

tags | exploit, remote, arbitrary, javascript, xss, file inclusion
MD5 | 85b5e3c8c9cb495114ef096e2616e76a
Sony BRAVIA Digital Signage 1.7.8 Insecure Direct Object Reference
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a client-side protection bypass due to an insecure direct object reference vulnerability.

tags | exploit
MD5 | 9c3322511ba56f41f33f9e40b9574a1a
Sony BRAVIA Digital Signage 1.7.8 System API Information Disclosure
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.

tags | exploit, info disclosure
MD5 | d5e3f98a3416a94cb0997c3b35929711
Digital Signage Systems - The Modern Hacker's Outreach
Posted Dec 3, 2020
Authored by LiquidWorm | Site zeroscience.mk

Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.

tags | paper
MD5 | 5523c83e92054c30532290f6f4a597aa
RED-V Super Digital Signage System RXV-A740R Log Information Disclosure
Posted Nov 16, 2020
Authored by LiquidWorm | Site zeroscience.mk

RED-V Super Digital Signage System RXV-A740R is vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several endpoints and disclose the webserver's log file list containing sensitive system resources and debug log information running on the device.

tags | exploit, info disclosure
MD5 | e1d1ea37410444110d5c4be18ea30b60
iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions from the console or by insecure direct object references to hidden functionalities that can result in creating users, modifying roles and permissions and full takeover of the application.

tags | exploit
MD5 | e3500a490fb570726141f18d28cdea4a
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication routine. By requesting the autoLoginVerifyCode object an attacker can receive a JSON message code and successfully bypass the CAPTCHA-based authentication challenge and perform brute-force attacks.

tags | exploit, bypass
MD5 | 63ad9696454afc1b19e579a677c06b40
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | 207d76baf968933618e1083a7fd98079
iDS6 DSSPro Digital Signage System 6.2 Password Disclosure
Posted Nov 5, 2020
Authored by LiquidWorm | Site zeroscience.mk

iDS6 DSSPro Digital Signage System version 6.2 suffers from a cleartext transmission/storage of sensitive information in a cookie when using the Remember (autoSave=true) feature. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
MD5 | 6e74f91319785d9d2dc39fb672f1d06b
Page 1 of 30
Back12345Next

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close