what you don't know can hurt you
Showing 51 - 75 of 669 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2020-01-28
View User Profile
V-SOL GPON/EPON OLT Platform 2.03 Link Manipulation
Posted Sep 26, 2019
Authored by LiquidWorm | Site zeroscience.mk

V-SOL GPON/EPON OLT Platform version 2.03 suffers from a link manipulation vulnerability.

tags | exploit
MD5 | 5cea90218187ba10520f17a600a8536f
V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
Posted Sep 26, 2019
Authored by LiquidWorm | Site zeroscience.mk

V-SOL GPON/EPON OLT Platform version 2.03 suffers from an unauthenticated configuration download vulnerability.

tags | exploit
MD5 | fe152994b0410c54dd85432f305cb715
Rifatron Intelligent Digital Security System (animate.cgi) Stream Disclosure
Posted Sep 9, 2019
Authored by LiquidWorm | Site zeroscience.mk

The Rifatron Intelligent Digital Security System DVR suffers from an unauthenticated and unauthorized live stream disclosure when animate.cgi script is called through Mobile Web Viewer module.

tags | exploit, web, cgi
MD5 | 3b87e27dbb257291ff6eeadfd9dc0201
Yahei-PHP Prober 0.4.7 HTML Injection
Posted Jul 25, 2019
Authored by LiquidWorm | Site zeroscience.mk

Yahei-PHP Prober version 0.4.7 (speed) suffers from a remote html injection vulnerability.

tags | exploit, remote, php
MD5 | eb98108b01a92b8fac447bf19361759a
WordPress OneSignal 1.17.5 Cross Site Scripting
Posted Jul 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

WordPress OneSignal plugin version 1.17.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 19cd11fce2ebe3bf42676b53160a66cb
FaceSentry Access Control System 6.4.8 Cleartext Password Storage
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 credentials used for accessing the web front end are stored unencrypted on the device in /faceGuard/database/FaceSentryWeb.sqlite.

tags | exploit, web
MD5 | 2280176abe89766f9a58ac9b23978977
FaceSentry Access Control System 6.4.8 Authentication Credential Disclosure
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 suffers from a cleartext transmission of sensitive information. This allows a remote attacker to intercept the HTTP Cookie authentication credentials via a man-in-the-middle attack.

tags | exploit, remote, web
MD5 | f08f9cdccfb33e4587804f10becb1fc0
FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application's failure to properly sanitize user-supplied input thru the 'msg' parameter (GET) in pluginInstall.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, as well as other attacks.

tags | exploit, arbitrary, php, vulnerability, xss
MD5 | 4b4dab0df321f565a9ff46178b0c3e27
FaceSentry Access Control System 6.4.8 Remote SSH Root Access
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 facial biometric access control appliance ships with hard-coded and weak credentials for SSH access on port 23445 using the credentials wwwuser:123456. The root privilege escalation is done by abusing the insecure sudoers entry file.

tags | exploit, root
MD5 | 90d6fd7e6bddb33ce1e0aa6497d8fa7b
FaceSentry Access Control System 6.4.8 Remote Root
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.

tags | exploit, arbitrary, shell, root, php
MD5 | dd18875e9898a4dc1ba25878fabbd4ac
FaceSentry Access Control System 6.4.8 Cross Site Request Forgery
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

The FaceSentry Access Control System version 6.4.8 application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

tags | exploit, web
MD5 | 681e6ef4cde9392b774fb4cacb5c752f
FaceSentry Access Control System 6.4.8 Remote Command Injection
Posted Jul 1, 2019
Authored by LiquidWorm | Site zeroscience.mk

FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.

tags | exploit, arbitrary, shell, root, php
MD5 | 199e4f309260b0968b822e4736a02fc7
Huawei eSpace 1.1.11.103 Meeting Heap Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting suffers from a heap-based memory overflow vulnerability when parsing large amount of bytes to the 'strNum' string parameter in GetNameyNum() in 'ContactsCtrl.dll' and 'strName' string parameter in SetUserInfo() in eSpaceStatusCtrl.dll library, resulting in heap memory corruption. An attacker can gain access to the system of the affected node and execute arbitrary code.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9418
MD5 | 43fe6543f8cb002cb254160219802dbf
Huawei eSpace 1.1.11.103 Meeting Image File Format Handling Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 Meeting conference whiteboard functionality is vulnerable to a buffer overflow issue when inserting known image file formats. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

tags | exploit, overflow, arbitrary
advisories | CVE-2014-9417
MD5 | c36d1acbfc97338fa91b2582495a9065
Huawei eSpace 1.1.11.103 Unicode Stack Buffer Overflow
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace Meeting cenwpoll.dll unicode stack buffer overflow exploit with SEH overwrite.

tags | exploit, overflow
advisories | CVE-2014-9415
MD5 | b8123371cc62e9e56ed5c1b8a3190dbf
Huawei eSpace 1.1.11.103 DLL Hijacking
Posted May 17, 2019
Authored by LiquidWorm | Site zeroscience.mk

Huawei eSpace version 1.1.11.103 suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file (.html, .jpg, .png) located on a remote WebDAV or SMB share.

tags | exploit, remote, arbitrary
advisories | CVE-2014-9416
MD5 | 164434fe76b34f5ac83975379ce13f13
SEL AcSELerator Architect 2.2.24 Denial Of Service
Posted May 16, 2019
Authored by LiquidWorm | Site zeroscience.mk

SEL AcSELerator Architect version 2.2.24 suffers from a CPU exhaustion denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2018-10608
MD5 | f89167b20fd02592d6e08fff3a0dad89
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Scripting
Posted May 15, 2019
Authored by LiquidWorm | Site zeroscience.mk

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 37cc6714e890b2dc08deaff38c6e50c7
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery
Posted May 15, 2019
Authored by LiquidWorm | Site zeroscience.mk

Legrand BTicino Driver Manager F454 version 1.0.51 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | a9a48790d3c6f306e33b3ea8ba7ec362
SOCA Access Control System 180612 Cross Site Request Forgery
Posted May 13, 2019
Authored by LiquidWorm | Site zeroscience.mk

SOCA Access Control System version 180612 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | bdedb2795a15fd26c760e099b2a06978
SOCA Access Control System 180612 SQL Injection
Posted May 13, 2019
Authored by LiquidWorm | Site zeroscience.mk

SOCA Access Control System version 180612 suffers from remote SQL injection vulnerabilities that allow for authentication bypass.

tags | exploit, remote, vulnerability, sql injection
MD5 | 97129f56738d71ee95288b47dbdca24b
SOCA Access Control System 180612 Cross Site Scripting
Posted May 13, 2019
Authored by LiquidWorm | Site zeroscience.mk

SOCA Access Control System version 180612 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | a1efb58554027e840d0960fbb0a4042b
SOCA Access Control System 180612 Information Disclosure
Posted May 13, 2019
Authored by LiquidWorm | Site zeroscience.mk

SOCA Access Control System version 180612 suffers from insecure direct object reference vulnerabilities that leak information like password hashes.

tags | exploit, vulnerability
MD5 | 05aac263667e5359a5843b881026de84
Ross Video DashBoard 8.5.1 Insecure Permissions
Posted Apr 23, 2019
Authored by LiquidWorm | Site zeroscience.mk

Ross Video DashBoard version 8.5.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'M' flag (Modify) or 'C' flag (Change) for 'Authenticated Users' group.

tags | exploit
MD5 | 213fc44c941da29b2eaecd65db51c680
exacqVision 9.8 Unquoted Service Path Privilege Escalation
Posted Mar 18, 2019
Authored by LiquidWorm | Site zeroscience.mk

exacqVision version 9.8 suffers from an unquoted search path issue impacting the services exacqVisionServer, dvrdhcpserver and mdnsresponder for Windows deployed as part of exacqVision software application. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, arbitrary, local, root
systems | windows
MD5 | 98a9960106f1cef1cf55ce4666251455
Page 3 of 27
Back12345Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close