exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 918 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2024-07-03
View User Profile
Deep Sea Electronics DSE855 Remote Authentication Bypass
Posted Jul 3, 2024
Authored by LiquidWorm | Site zeroscience.mk

Deep Sea Electronics DSE855 is vulnerable to configuration disclosure when direct object reference is made to the Backup.bin file using an HTTP GET request. This will enable an attacker to disclose sensitive information and help her in authentication bypass, privilege escalation, and full system access.

tags | exploit, web
advisories | CVE-2024-5947
SHA-256 | 1d64431803bd77f94436581379685f0abf2c49f8bdfd5eec2c904d237a7b2ac3
Aquatronica Control System 5.1.6 Password Disclosure
Posted May 30, 2024
Authored by LiquidWorm | Site zeroscience.mk

Aquatronica Control System version 5.1.6 has a tcp.php endpoint on the controller that is exposed to unauthenticated attackers over the network. This vulnerability allows remote attackers to send a POST request which can reveal sensitive configuration information, including plaintext passwords. This can lead to unauthorized access and control over the aquarium controller, compromising its security and potentially allowing attackers to manipulate its settings.

tags | exploit, remote, php, tcp
SHA-256 | 156dd012b72f45fad1f98bb1e1e9d6db89c8dfc2181bfdb205566cd6e184f365
Elber Wayber Analog/Digital Audio STL 4.00 Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | 1f4ca9c99499e4b0297302a26037d992679a7eb1d2c0d0b3b0698bafec7a14cc
Elber Wayber Analog/Digital Audio STL 4.00 Authentication Bypass
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.suffers from a bypass vulnerability.

tags | exploit, bypass
SHA-256 | a8be311ea8bd5716cfaf9d9ff03921fd4ed851241b2631c9ed01cc72407d6cd5
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | 732e89c4d7c762b1e07463f187d3f8108448d799f0b2758484573c4b30793c25
Elber ESE DVB-S/S2 Satellite Receiver 1.5.x Authentication Bypass
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber ESE DVB-S/S2 Satellite Receiver version 1.5.x suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

tags | exploit, bypass
SHA-256 | 83741fb5f4f7b681078f0f0aabdad5e51a82d40ac4c86d1cf8609032649927cb
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | 67d45ea700951600af178d1f85ea7278844c202822bf7c0658dfaf91b222e908
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Authentication Bypass
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

tags | exploit, bypass
SHA-256 | c2417b5039d600504ceb0e6c879a84ed9fa871b7b6f5e5cc38ae49fcdd200170
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | 77061cc166718763551c4d6d463e2cbc76a772e04ed4a0acfdf893965b4476cb
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Cleber/3 Broadcast Multi-Purpose Platform version 1.0.0 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

tags | exploit, bypass
SHA-256 | 055664930200e432744c2fe93d040213de69b2cc7bd67a68df70afa259bd9b24
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

tags | exploit
SHA-256 | a259836c2010557736c6c674d0ca15f441385152927583f06374e38fb067306f
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Posted Apr 18, 2024
Authored by LiquidWorm | Site zeroscience.mk

Elber Signum DVB-S/S2 IRD for Radio Networks version 1.999 suffers from an authentication bypass vulnerability through a direct and unauthorized access to the password management functionality. The issue allows attackers to bypass authentication by manipulating the set_pwd endpoint that enables them to overwrite the password of any user within the system. This grants unauthorized and administrative access to protected areas of the application compromising the device's system security.

tags | exploit, bypass
SHA-256 | 9ceffe5b49bd3badfd5ead7c79b69103e029d8dd57cc256606f884dc51678833
Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass
Posted Apr 4, 2024
Authored by LiquidWorm | Site zeroscience.mk

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.

tags | exploit, arbitrary
SHA-256 | e8bf7735882d4c05983b6e675cc30c123bd15be6138cd6e0ef2ac21890428ded
Tosibox Key Service 3.3.0 Local Privilege Escalation / Unquoted Service Path
Posted Feb 24, 2024
Authored by LiquidWorm | Site zeroscience.mk

Tosibox Key Service versions 3.3.0 and below suffer from an unquoted search path issue impacting the service Tosibox Key Service for Windows. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system.

tags | exploit, arbitrary, local
systems | windows
SHA-256 | 7820f9f7d9af81913956c26707d4acc215ad499c129864227adf8ac1f2345e47
TELSAT marKoni FM Transmitter 1.9.5 Insecure Access Control
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 allows an unauthorized user to change passwords.

tags | exploit
SHA-256 | 1a66ae97399735bad2659eadafe4e686cf03efee1ac0274553f2b7dbf758023d
TELSAT marKoni FM Transmitter 1.9.5 Client-Side Access Control Bypass
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 implements client-side restrictions that can be bypassed by editing the HTML source page that enable administrative operations.

tags | exploit
SHA-256 | 83533dbc84d20eb18eca133e9837ec480db912786b98b95f7685d6c1337c524c
TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 has a hidden super administrative account factory that has the hardcoded password inokram25 that allows full access to the web management interface configuration.

tags | exploit, web
SHA-256 | 4ca01a27bd0ca6409f7d71dc7c9c036577b1fa85f80f0723476544a5ed69de48
TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection
Posted Jan 31, 2024
Authored by LiquidWorm | Site zeroscience.mk

TELSAT marKoni FM Transmitter version 1.9.5 is susceptible to unauthenticated remote code execution with root privileges. An attacker can exploit a command injection vulnerability by manipulating the Email settings' WAN IP info service, which utilizes the wget module. This allows the attacker to gain unauthorized access to the system with administrative privileges by exploiting the url parameter in the HTTP GET request to ekafcgi.fcgi.

tags | exploit, remote, web, root, code execution
SHA-256 | 46341d10fda6afba8c75a394bb4b32d1f7ec8fe113f6eab57560a1e8d79ab38a
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
Posted Dec 4, 2023
Authored by LiquidWorm | Site zeroscience.mk

R Radio Network FM Transmitter version 1.07 suffers from an improper access control that allows an unauthenticated actor to directly reference the system.cgi endpoint and disclose the clear-text password of the admin user allowing authentication bypass and FM station setup access.

tags | exploit, cgi
SHA-256 | 957fbcd8e2322bfb4df06832e6de97007a8bedfc7567ee79382899cdc5a7a54d
TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution
Posted Nov 27, 2023
Authored by LiquidWorm | Site zeroscience.mk

The Atemio AM 520 HD Full HD satellite receiver has a vulnerability that enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the getcommand query within the application, allowing the attacker to gain root access. Firmware versions 2.01 and below are affected.

tags | exploit, root
SHA-256 | 3449aff141402f4665fd423173623d011160d26c4468883c56ce200716f8753a
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery
Posted Oct 26, 2023
Authored by LiquidWorm | Site zeroscience.mk

TEM Opera Plus FM Family Transmitter version 35.45 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | a52528a06358c03567dd7250e46dc164be44ddfb510fb4bf6804baef2e55864d
TEM Opera Plus FM Family Transmitter 35.45 Remote Code Execution
Posted Oct 26, 2023
Authored by LiquidWorm | Site zeroscience.mk

TEM Opera Plus FM Family Transmitter version 35.45 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7ade5447ba45d88833961d63cfdb8a3c4c9ce12a9bb50b6bc86aa17b24bdd65c
VIMESA VHF/FM Transmitter Blue Plus 9.7.1 Denial Of Service
Posted Oct 20, 2023
Authored by LiquidWorm | Site zeroscience.mk

VIMESA VHF/FM Transmitter Blue Plus version 9.7.1 suffers from a denial of service vulnerability. An unauthenticated attacker can issue an unauthorized HTTP GET request to the unprotected endpoint doreboot and restart the transmitter operations.

tags | exploit, web, denial of service
SHA-256 | 410445f3600c298991dca858be19f7b5d39aabcc622dfaeb5831c84c9962918b
Electrolink FM/DAB/TV Transmitter Pre-Auth MPFS Image Remote Code Execution
Posted Oct 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Electrolink FM/DAB/TV Transmitter allows access to an unprotected endpoint that allows an MPFS File System binary image upload without authentication. The MPFS2 file system module provides a light-weight read-only file system that can be stored in external EEPROM, external serial Flash, or internal Flash program memory. This file system serves as the basis for the HTTP2 web server module, but is also used by the SNMP module and is available to other applications that require basic read-only storage capabilities. This can be exploited to overwrite the flash program memory that holds the web server's main interfaces and execute arbitrary code.

tags | exploit, web, arbitrary
SHA-256 | ac5f10b56496b87847c741037481ca75bcd2e582224891a5fdf49e523b421ad3
Electrolink FM/DAB/TV Transmitter Unauthenticated Remote Denial Of Service
Posted Oct 2, 2023
Authored by LiquidWorm | Site zeroscience.mk

Electrolink FM/DAB/TV Transmitter from a denial of service scenario. An unauthenticated attacker can reset the board as well as stop the transmitter operations by sending one GET request to the command.cgi gateway.

tags | exploit, denial of service, cgi
SHA-256 | b9b0622841f3107d917cdcd1705a85c49fc9e8558ff56a20647b6b895f6e0b05
Page 1 of 37
Back12345Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close