Showing 1 - 25 of 698

Files from LiquidWorm

Real Name: Gjoko Krstic
Email address: private
First Active: 2007-07-26
Last Active: 2020-08-21
Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation or authentication, which gives the attacker the ability to create any user with any role, bypass the security control in place, and modify the data presented on the screen/billboard.

tags | exploit, arbitrary
MD5 | fd7bb44dd6320c3825c09283301d799e
Eibiz i-Media Server Digital Signage 3.8.0 File Path Traversal
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.

tags | exploit, remote, root
MD5 | 48bcb45f0b05d6750b03ec9ce8698dc6
Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.

tags | exploit, remote
MD5 | 3841e73f5ee30c4a0b8a1d02dac070da
Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure
Posted Aug 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.

tags | exploit
MD5 | 5d2550faa54b02155ff0c1672fb51b45
QiHang Media Web Digital Signage 3.0.9 Remote Code Execution
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a pre-authentication remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | 7c248458391a49820ad700528da5bdc1
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an arbitrary file disclosure vulnerability.

tags | exploit, web, arbitrary
MD5 | 4b229bf7159213f08c6c5c724d811ce5
QiHang Media Web Digital Signage 3.0.9 Arbitrary File Deletion
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability.

tags | exploit, web, arbitrary
MD5 | 4ec2d17bffc03ecbcdff736a646ec399
QiHang Media Web Digital Signage 3.0.9 Credential Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from a clear-text credential disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file /xml/User/User.xml and obtain administrative login information that allows for a successful authentication bypass attack.

tags | exploit, web
MD5 | a4df03562be6c4ac8f645486ee2b5b2d
QiHang Media Web Digital Signage 3.0.9 Password Disclosure
Posted Aug 13, 2020
Authored by LiquidWorm | Site zeroscience.mk

QiHang Media Web Digital Signage version 3.0.9 suffers from cleartext transmission/storage of sensitive information in a cookie. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
MD5 | 642489cbf934a4731b9a002f38dc0571
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation
Posted Aug 2, 2020
Authored by LiquidWorm | Site zeroscience.mk

All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a session fixation vulnerability.

tags | exploit
MD5 | b360840e29dc9c52e8c3e47dcec29e65
All-Dynamics Software enlogic:show Digital Signage System 2.0.2 CSRF
Posted Aug 2, 2020
Authored by LiquidWorm | Site zeroscience.mk

All-Dynamics Software enlogic:show Digital Signage System version 2.0.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7e17b980450da6f3316e47dbaa25e3d6
UBICOD Medivision Digital Signage 1.5.1 Privilege Escalation
Posted Jul 20, 2020
Authored by LiquidWorm | Site zeroscience.mk

UBICOD Medivision Digital Signage version 1.5.1 suffers from a privilege escalation vulnerability that is leveraged via authorization bypass.

tags | exploit
MD5 | 3fe4e2cf4345f82778b34c87c1c95b2e
UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery
Posted Jul 20, 2020
Authored by LiquidWorm | Site zeroscience.mk

UBICOD Medivision Digital Signage version 1.5.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 7a013c192f24d703708c97f367a298da
Plexus anblick Digital Signage Management 3.1.13 Open Redirect
Posted Jul 20, 2020
Authored by LiquidWorm | Site zeroscience.mk

Plexus anblick Digital Signage Management version 3.1.13 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 782ad6d29c9e25bea8d7de007fc6f4dd
rauLink Software Domotica Web 2.0 SQL Injection
Posted Jul 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

rauLink Software Domotica Web version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, web, sql injection
MD5 | 2e87055a57f33f9b29edeaf78101e3e4
Cayin xPost 2.5 SQL Injection / Remote Code Execution
Posted Jun 18, 2020
Authored by LiquidWorm, h00die | Site metasploit.com

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads seem to be valid.

tags | exploit, java, remote, sql injection
advisories | CVE-2020-7356
MD5 | 0bce693076ed6cfe035781e990db745d
Cayin CMS NTP Server 11.0 Remote Code Execution
Posted Jun 18, 2020
Authored by LiquidWorm, h00die | Site metasploit.com

This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. Code execution is achieved through the ntpIp parameter of the system_service.cgi file. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.

tags | exploit, remote, cgi, root, code execution
systems | linux, ubuntu
advisories | CVE-2020-7357
MD5 | 5b71abbf1e64c3cce0a48cc8d48f03b0
Cayin Digital Signage System xPost 2.5 Code Execution / SQL Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN xPost version 2.5 suffers from an unauthenticated SQL injection vulnerability. Input passed via the GET parameter wayfinder_seqid in wayfinder_meeting_input.jsp is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.

tags | exploit, arbitrary, sql injection
MD5 | d6686dcd290750e64871dcec7268adfc
Cayin Content Management Server 11.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in the system.cgi page.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 2b40a82dbae2a46bd38664601734d373
Cayin Signage Media Player 3.0 Root Remote Command Injection
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

CAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in the system.cgi and wizard_system.cgi pages.

tags | exploit, web, arbitrary, shell, cgi, root
MD5 | 9a04cbad2c7bcc1e00789b91f73a0061
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files that are allowed to be modified (read/write/delete) are located in the /etc/config/ directory. An attacker can manipulate the POST request parameters to escape from the restricted environment by using an absolute path, and then read, write and delete arbitrary files on the system.

tags | exploit, arbitrary, cgi, vulnerability
MD5 | 71fd7f2810f3f64fb2be820cb487f7b5
Secure Computing SnapGear Management Console SG560 3.1.5 CSRF
Posted Jun 4, 2020
Authored by LiquidWorm | Site zeroscience.mk

Secure Computing SnapGear Management Console SG560 version 3.1.5 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 9068570c9d23605eb5c081c323c3b293
Extreme Networks Aerohive HiveOS 11.x Denial Of Service
Posted May 6, 2020
Authored by LiquidWorm | Site zeroscience.mk

This is a remote denial of service exploit for Extreme Networks Aerohive HiveOS versions 11.x and below. An unauthenticated malicious user can trigger a denial of service (DoS) attack by sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function through the _page parameter, denying access to the web server hive user interface.

tags | exploit, remote, web, denial of service, proof of concept
MD5 | 8bc523d3b61e243e2e55cdddefe4c905
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Posted Apr 24, 2020
Authored by LiquidWorm | Site zeroscience.mk

Furukawa Electric ConsciusMAP version 2.8.1 Java deserialization remote code execution exploit.

tags | exploit, java, remote, code execution
advisories | CVE-2020-12133
MD5 | 6bdde55e22751554fa630c47df38d1df
P5 FNIP-8x16A/FNIP-4xSH CSRF / Cross Site Scripting
Posted Apr 21, 2020
Authored by LiquidWorm | Site zeroscience.mk

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 1c782b6ec67ea3314c3e252545f9fbdf
© 2020 Packet Storm. All rights reserved.
