exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 917 RSS Feed

Files from LiquidWorm

Real NameGjoko Krstic
Email addressprivate
First Active2007-07-26
Last Active2024-05-30
View User Profile
MiniDVBLinux 5.4 Arbitrary File Read
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below suffer from an arbitrary file disclosure vulnerability.

tags | exploit, arbitrary
SHA-256 | 69d96731d3c498b5f426e741af91e8e43bfa7a49c2a0925103aa5d80b98b0065
MiniDVBLinux 5.4 Remote Root Command Execution
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux version 5.4 suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root through the command GET parameter in /tpl/commands.sh.

tags | exploit, arbitrary, root
SHA-256 | 2bb4ce0464a822e38ee9bcc20631bf3ad836836ac2e15053b5a69988dda50ce9
MiniDVBLinux 5.4 Remote Root Command Injection
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux version 5.4 suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
SHA-256 | e19e04d5e5328c8f948b2f62f7f2a2d8c6c3b2ef2b324f8e880e61bc0db1f5c1
MiniDVBLinux 5.4 Unauthenticated Stream Disclosure
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below suffer from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

tags | exploit, protocol
SHA-256 | 7a02e7cf0734c411e5e95eff4c56fee10e23d22efe0169ff42aae7db5349ec0e
MiniDVBLinux 5.4 Change Root Password
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.

tags | exploit, root, proof of concept
SHA-256 | 0517758916f5224ee0d63a86e0026b8a9d83c177f294a5ec74c5a0938e44fc11
MiniDVBLinux 5.4 SVDRP Control
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below allows the usage of the SVDRP protocol/commands to be sent by a remote attacker to manipulate and/or remotely control the TV.

tags | exploit, remote, protocol
SHA-256 | 6ca45864b59b9bfcfbf2d0155585603457973998837abe6c8927faea25e9ab5c
MiniDVBLinux 5.4 Configuration Download
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below are vulnerable to an unauthenticated configuration download when a direct object reference is made to the backup function using an HTTP GET request.

tags | exploit, web
SHA-256 | 7ab888db49eea26e9ca7aff5173e0acde777a68547b67c2e28778d0e329d35b7
SoX 14.4.2 Division-By-Zero / Denial Of Service
Posted Sep 19, 2022
Authored by LiquidWorm | Site zeroscience.mk

SoX versions 14.4.2 and below suffer from a division by zero attack when handling WAV files, resulting in denial of service vulnerability and possibly loss of data.

tags | exploit, denial of service
SHA-256 | de24687825a9cff7e5ad1404c4b0d0dc865d45066f152f4d7a7a508384aca180
ETAP Safety Manager 1.0.0.32 Cross Site Scripting
Posted Sep 12, 2022
Authored by LiquidWorm | Site zeroscience.mk

ETAP Safety Manager version 1.0.0.32 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cb949674cf6ac260ae0ea2bcfab1a0d5b6b592e39e3fccecdbd74d5a764a840e
Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) Remote Root
Posted Jul 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric SpaceLogic C-Bus Home Controller (5200WHC2) versions 1.31.460 and below suffer from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands as the root user via the name GET parameter in delsnap.pl Perl/CGI script which is used for deleting snapshots taken from the webcam.

tags | exploit, arbitrary, shell, cgi, root, perl
advisories | CVE-2022-34753
SHA-256 | d419b1daf53d0f565d05d6ba8ea75d7ee176ccb9140c55fa6180d7f9532dc155
Carel pCOWeb HVAC BACnet Gateway 2.1.0 Unauthenticated Directory Traversal
Posted Jul 1, 2022
Authored by LiquidWorm | Site zeroscience.mk

Carel pCOWeb HVAC BACnet Gateway version 2.1.0 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the file GET parameter through the logdownload.cgi bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, cgi, bash
SHA-256 | 6080b06695bafffc697537b01af1fe9b2c39e6c9237b59563f645f36adbc81cb
Schneider Electric C-Bus Automation Controller (5500SHAC) 1.10 Remote Root
Posted May 30, 2022
Authored by LiquidWorm | Site zeroscience.mk

Schneider Electric C-Bus Automation Controller (5500SHAC) version 1.10 suffers from an authenticated arbitrary command execution vulnerability. An attacker can abuse the Start-up (init) script editor and exploit the script POST parameter to insert malicious Lua script code and execute commands with root privileges that will grant full control of the device.

tags | exploit, arbitrary, root
SHA-256 | 369dcc204aec33824901fd4aa4857bc6bf66d576cc7b23a87a87ff67f445c639
Tenda HG6 3.3.0 Remote Command Injection
Posted May 3, 2022
Authored by LiquidWorm | Site zeroscience.mk

Tenda HG6 version 3.3.0 suffers from a remote command injection vulnerability. It can be exploited to inject and execute arbitrary shell commands through the pingAddr and traceAddr HTTP POST parameters in formPing, formPing6, formTracert and formTracert6 interfaces.

tags | exploit, remote, web, arbitrary, shell
SHA-256 | 49f6e50dad2f50c5f9bee5f1105d5092b826a6f5ba27d2193fc00498390e1373
USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor
Posted Apr 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.

tags | exploit
systems | linux
SHA-256 | f2b44867a9d3fc671d927368e7311aaf4147f3f58be89622912f7a0f06ebb5cc
Delta Controls enteliTOUCH 3.40.3935 Cookie User Password Disclosure
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cookie user password disclosure vulnerability.

tags | exploit
SHA-256 | c2881fbdfd83e5084b73c774d6a48d7ea8cc6074ddb613b6d320455618a8a3c0
Delta Controls enteliTOUCH 3.40.3935 Cross Site Scripting
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 041e8cd64bd7b2f293e27b87159e8111d1c2036b0e159bc4eccd5b8d7613ca58
Delta Controls enteliTOUCH 3.40.3935 Cross Site Request Forgery
Posted Apr 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005 suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 29cb721e83f960d667cf6c98532f19aade113ac4dead4421a2632694ec3913c0
Verizon 4G LTE Network Extender 0.4.038.2131 Weak Credential Algorithm
Posted Apr 13, 2022
Authored by LiquidWorm | Site zeroscience.mk

Verizon's 4G LTE Network Extender is utilizing a weak default admin password generation algorithm. The password is generated using the last 4 values from device's MAC address which is disclosed on the main webUI login page to an unauthenticated attacker. The values are then concatenated with the string LTEFemto resulting in something like LTEFemtoD080 as the default Admin password. Versions GA4.38 through 0.4.038.2131 are affected.

tags | exploit
SHA-256 | 59ce4ad0a80db9115ae14b1ebb563c934a8d4e694bb93586a6f38b338e1ab98d
ICT Protege GX/WX 2.08 Client-Side SHA1 Password Hash Disclosure
Posted Mar 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICT Protege GX/WX version 2.08 suffers from a client-side SHA1 password hash disclosure vulnerability.

tags | exploit
SHA-256 | f203bc1b35e3b9d44818d0680ff7a367ed1eac4fa488fe060a5c8a1fec93d479
ICT Protege GX/WX 2.08 Cross Site Scripting
Posted Mar 21, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICT Protege GX/WX version 2.08 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0761967ed7f26d12def00046c1c81a51292379f6aee38f2875fd95654cb59e1a
ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 Remote File Modification
Posted Feb 22, 2022
Authored by LiquidWorm | Site zeroscience.mk

ICL ScadaFlex II SCADA Controllers SC-1/SC-2 version 1.03.07 is vulnerable to unauthenticated file write/overwrite and deletion. This allows an attacker to execute critical file CRUD operations on the device that can potentially allow system access and impact availability.

tags | exploit
advisories | CVE-2022-25359
SHA-256 | 692f4de735fbbad8010644968c54cdfe4e595dc3154860210526aa667a9f2e0c
H3C SSL VPN Username Enumeration
Posted Feb 14, 2022
Authored by LiquidWorm | Site zeroscience.mk

H3C SSL VPN suffers from a username enumeration vulnerability during the login sequence.

tags | exploit
SHA-256 | dfee4cf29211a5243ad88690480fda707d2c3e7a7d71e2ad687f07a80c49882e
Fetch Softworks Fetch FTP Client 5.8 Denial Of Service
Posted Jan 28, 2022
Authored by LiquidWorm | Site zeroscience.mk

Fetch Softworks Fetch FTP Client version 5.8 suffers from a remote CPU consumption denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 39661448198dd708a96b67957a59b551619e612105aace960d22e309d08ca49d
OpenBMCS 2.4 Secret Disclosure
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from a secret disclosure vulnerability.

tags | exploit
SHA-256 | a40e30c16f0d2888ff426295f31b93b41116fcc4eb79213fafc80f0a5c06510b
OpenBMCS 2.4 Remote File Inclusion / Server-Side Request Forgery
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 suffers from remote file inclusion and server-side request forgery vulnerabilities.

tags | exploit, remote, vulnerability, file inclusion
SHA-256 | 505b78cffe8b2f1b771d3702d316ef5c1753e49ac00b67466b0784a71a1ea915
Page 5 of 37
Back34567Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close