Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
CVE-2015-7903 EXPLOITDB WORKING POC
Infinite Automation Mango Automation <2.6.0 - SQL Injection
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2025-34035 EXPLOITDB CRITICAL python WORKING POC
EnGenius EnShare Cloud Service <1.4.11 - Command Injection
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC.
CVSS 9.8
CVE-2025-34022 EXPLOITDB CRITICAL text WORKING POC
Selea Targa IP OCR-ANPR - Path Traversal
A path traversal vulnerability exists in multiple models of Selea Targa IP OCR-ANPR cameras, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The /common/get_file.php script in the “Download Archive in Storage” page fails to properly validate user-supplied input to the file parameter. Unauthenticated remote attackers can exploit this vulnerability to read arbitrary files on the device, including sensitive system files containing cleartext credentials, potentially leading to authentication bypass and exposure of system information. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
CVE-2025-34021 EXPLOITDB HIGH text WORKING POC
Selea Targa IP OCR-ANPR Camera - Server-Side Request Forgery via JSON POST Parameters
A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate user-supplied input in JSON POST parameters such as ipnotify_address and url, which are used by internal mechanisms to perform image fetch and DNS lookups. This allows remote unauthenticated attackers to induce the system to make arbitrary HTTP requests to internal or external systems, potentially bypassing firewall policies or conducting internal service enumeration. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
CVE-2024-58277 EXPLOITDB HIGH text WORKING POC
R Radio Network FM Transmitter 1.07 - Info Disclosure
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
CVE-2023-53970 EXPLOITDB HIGH python WORKING POC
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP-bound session identifiers. Attackers can exploit the vulnerable deviceManagement API endpoint to reset device configurations by sending crafted POST requests with manipulated session parameters.
CVSS 7.5
CVE-2023-53968 EXPLOITDB CRITICAL python WORKING POC
Screen SFT DAB 600/C Firmware 1.9.3 - Auth Bypass
Screen SFT DAB 600/C Firmware 1.9.3 contains a session management vulnerability that allows attackers to bypass authentication controls by exploiting IP address session binding. Attackers can reuse the same IP address and issue unauthorized requests to the userManager API to remove user accounts without proper authentication.
CVSS 9.8
CVE-2023-53967 EXPLOITDB HIGH python WORKING POC
Screen SFT DAB 600/C 1.9.3 - Auth Bypass
Screen SFT DAB 600/C firmware 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without requiring the current credentials. Attackers can exploit the userManager.cgx API endpoint by sending a crafted POST request with a new MD5-hashed password to directly modify the admin account's authentication.
CVSS 7.5
CVE-2023-53965 EXPLOITDB HIGH text WRITEUP
SOUND4 Server Service 4.1.102 - Privilege Escalation
SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during service startup.
CVSS 8.4
CVE-2023-53963 EXPLOITDB CRITICAL text WORKING POC
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Command Injection
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the 'password' POST parameter to execute commands with web server privileges.
CVSS 9.8
CVE-2024-58338 EXPLOITDB CRITICAL text WORKING POC
Anevia Flamingo XL 3.2.9 - OS Command Injection via Traceroute Command
Anevia Flamingo XL 3.2.9 contains a restricted shell vulnerability that allows remote attackers to escape the sandboxed environment through the traceroute command. Attackers can exploit the traceroute command to inject shell commands and gain full root access to the device by bypassing the restricted login environment.
CVSS 10.0
CVE-2023-53955 EXPLOITDB CRITICAL text WRITEUP
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Auth Bypass
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an insecure direct object reference vulnerability that allows attackers to bypass authorization and access hidden system resources. Attackers can exploit the vulnerability by manipulating user-supplied input to execute privileged functionalities without proper authentication.
CVSS 9.8
CVE-2023-53893 EXPLOITDB MEDIUM text WORKING POC
Ateme TITAN File 3.9.12.4 - Authenticated Server-Side Request Forgery via Job Callback URL Parameter
Ateme TITAN File 3.9.12.4 contains an authenticated server-side request forgery vulnerability in the job callback URL parameter that allows attackers to bypass network restrictions. Attackers can exploit the unvalidated parameter to initiate file, service, and network enumeration by forcing the application to make HTTP, DNS, or file requests to arbitrary destinations.
CVSS 6.5
CVE-2023-53776 EXPLOITDB HIGH python WORKING POC
Screen SFT DAB 1.9.3 - Authentication Bypass via Session Fixation
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to the device management API by leveraging the session binding mechanism to perform critical operations on the transmitter.
CVSS 8.8
CVE-2023-53773 EXPLOITDB MEDIUM text WORKING POC
MiniDVBLinux < 5.4 - Unauthenticated Live Stream Snapshot Generation via tv_action.sh
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.
CVSS 5.3
CVE-2023-53771 EXPLOITDB CRITICAL text WORKING POC
MiniDVBLinux 5.4 - Unauthenticated Root Password Change via System Setup Endpoint
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
CVSS 9.8
CVE-2023-53770 EXPLOITDB HIGH text WORKING POC
MiniDVBLinux 5.4 - Unauthenticated Sensitive Configuration Download via Backup Endpoint
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
CVSS 7.5
CVE-2023-53741 EXPLOITDB HIGH python WORKING POC
Screen SFT DAB Series - Compact Radio DAB Transmitter 1.9.3 - Authentication Bypass via IP Session Reuse
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
CVSS 8.1
CVE-2023-53740 EXPLOITDB CRITICAL python WORKING POC
Screen SFT DAB Series 1.9.3 - Unauthenticated Authentication Bypass via userManager.cgx Endpoint
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
CVSS 9.8
CVE-2025-25037 EXPLOITDB CRITICAL python WORKING POC
Aquatronica Controller System <= 5.1.6 - Information Disclosure
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
CVE-2023-7328 EXPLOITDB MEDIUM text WORKING POC
Screen SFT DAB 600/C Firmware <= 1.9.3 - Unauthenticated Information Disclosure via User Management API
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
CVSS 5.3
CVE-2022-50800 EXPLOITDB HIGH text WRITEUP
H3C SSL VPN 1.1 - User Enumeration via Login Script Credential Verification
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
CVSS 7.5
CVE-2022-50799 EXPLOITDB HIGH python WORKING POC
Fetch Softworks Fetch FTP Client 5.8.2 - Denial of Service via Long FTP Server Response
Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.
CVSS 7.5
CVE-2020-37148 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
CVSS 3.5
CVE-2020-37118 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
CVSS 3.5