exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 919 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2024-08-20
View User Profile
Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijacking
Posted Feb 28, 2023
Authored by LiquidWorm | Site zeroscience.mk

Osprey Pump Controller version 1.0.1 has an ELF binary called Mirage_CreateSessionCode.x that contains a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass attacks. Further, session hijacking is possible due to MitM attack exploiting clear-text transmission of sensitive data including session token in URL. Session ID predictability and randomness analysis of the variable areas of the Session ID was conducted and discovered a predictable pattern. The low entropy is generated by using four IVs comprised of username, password, ip address and hostname.

tags | exploit
SHA-256 | c8c912e59b9a37815a739a0d4d3f99c9a8dc498a0057fd0f61996c7efe006205
SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow
Posted Feb 9, 2023
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 LinkAndShare Transmitter version 1.1.2 suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system.

tags | exploit, overflow, memory leak
SHA-256 | 08bed1643ca8fe7e52102e53c1b987d059eaa3806e683bad069e20c052d613ef
Broadcast Signal Intrusion - Hacking Radio Stations
Posted Jan 30, 2023
Authored by LiquidWorm | Site zeroscience.mk

This paper goes over common components of broadcast systems, how hackers take advantage of them, and discusses some of the vulnerabilities discovered.

tags | exploit, paper, vulnerability
SHA-256 | 1467a96747d9321ba7a659e074789337bc6efc1d4621b6ec26b5fdf38e1ca678
Hughes Satellite Router Remote File Inclusion Cross Frame Scripting
Posted Dec 29, 2022
Authored by LiquidWorm | Site zeroscience.mk

Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application. Affected versions include HX200 8.3.1.14, HX90 6.11.0.5, HX50L 6.10.0.18, HN9460 8.2.0.48, and HN7000S 6.9.0.37.

tags | exploit, remote, file inclusion
SHA-256 | 01732a937c344613efd7c1ef744f546511c874deecd845ef0ca2d232baf0e177
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated Factory Reset
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated factory reset vulnerability in restorefactory.cgi.

tags | exploit, cgi
SHA-256 | 1a0c507a2c0f666f15e332c7934c5598e8049b69d4e09f06340c0fbb87d33517
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated remote code execution vulnerability in upload.cgi.

tags | exploit, remote, cgi, code execution
SHA-256 | 3c3c6d279fd591ebe7b26f14524ac53bdce85b020d4fd8b0674e18a3fd734b58
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x traceroute.php Conditional Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a conditional command injection vulnerability in traceroute.php.

tags | exploit, php
SHA-256 | 493fb94bb96a88e40abd33e5eccebbff52f80b0de903d6bad482c12681edc5d7
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username related unauthenticated command injection vulnerability.

tags | exploit
SHA-256 | 2a1af0e2d214afa5a71f6409fc8b889a191a4e4d6f778f1364c588cf61c2226b
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a password related unauthenticated command injection vulnerability.

tags | exploit
SHA-256 | 87e9bc33ec95ac9d66ff2caa9f5d4d61dc4d76eb1934816979fa04a477330ee1
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x services Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a services related authenticated command injection vulnerability.

tags | exploit
SHA-256 | eabf1351cb8311b07b8d38944e52c0f4bf4ac3fe1c2b689f78f5b11f2d93e684
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Unauthenticated File Disclosure
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from an unauthenticated file disclosure vulnerability.

tags | exploit
SHA-256 | 7704f2528e64a6579efda9376329311cb012f4d49f395092704e4f19b6d37559
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ping.php Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in ping.php.

tags | exploit, php
SHA-256 | ade832b5db9e3a83e1ab939037cf7ceb6613442fdf7944335ad9f3f638d97f84
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Radio Steam Disclosure
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated radio stream disclosure vulnerability.

tags | exploit
SHA-256 | a313ea09e9877322d75ec4247416a055ed39d1c82bf035cde8f0bae23fb0995b
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x dns.php Command Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x and below suffer from a conditional command injection vulnerability in dns.php.

tags | exploit, php
SHA-256 | 29a3f77080209e96ce853753006ab37df305d0ac4c6d034a7504f2376215c2ba
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Information Disclosure
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 008dfa5273043e47d602b15d8b45f577f0efeb0830579239c807aae59d59f1b3
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Persistent Cross Site Scripting
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 379a2eb9b0acd18a7331a425186d83e32dc1d0d61a8581a459514c544f78c49e
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal / File Write
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated directory traversal file write vulnerability.

tags | exploit
SHA-256 | ad43cb010a75d501644d98cc356e5a1773a27450473ecc223ae22abfadcf5f56
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Hardcoded Credentials
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a hardcoded credential vulnerability.

tags | exploit
SHA-256 | 7dd7f164ff19a003d130c7f05a19965ba2b4b13c87933a6e3767ae2d3e587969
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x ICMP Flood Attack
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allow an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilization of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.

tags | exploit, arbitrary, php
SHA-256 | 81c669280d4737e923eb0b0a5259214bbdd51f21c8109143eeadbef36025d06c
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x username SQL Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
SHA-256 | ebd0817677a6a623ce0af3acaebf98d3a0395b2b1e5640dddf877c40914c1350
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x password SQL Injection
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a password SQL injection vulnerability that allows for authentication bypass.

tags | exploit, sql injection
SHA-256 | 570c92684bee96b2173b72286ae8616f4c83d4410e62a0cd97cfd31cc7c71510
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Disconnect Webmonitor User Denial Of Service
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below allows an unauthenticated attacker to disconnect the current monitoring user from listening/monitoring and takeover the radio stream on a specific channel.

tags | exploit
SHA-256 | 51023384825dc840abd709ddec900a91de151bef787b63c5fbd8b007ce3c013d
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Insufficient Session Expiration
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffers from an insufficient session expiration vulnerability.

tags | exploit
SHA-256 | ff2a1471eedafd1bd1327cc46f0166d284f2485f09142cda34a6ae43f1ffe502
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Authorization Bypass
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an authorization bypass due to an insecure direct object reference vulnerability.

tags | exploit
SHA-256 | ce9688c04a33c6f06d9e76e91a40f2fbf1a32abfe28f22584c0ab6856f158e6d
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Cross Site Request Forgery
Posted Dec 15, 2022
Authored by LiquidWorm | Site zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7ad82d8bc844cdfb8173406cc8e5fa3c2feccd6228cf610d090321bbbbac18b5
Page 4 of 37
Back23456Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close