Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
CVE-2021-4463 EXPLOITDB HIGH text WORKING POC
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
CVE-2021-47731 EXPLOITDB CRITICAL text WORKING POC
Selea Targa IP OCR-ANPR Camera - Info Disclosure
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
CVSS 9.8
CVE-2021-47730 EXPLOITDB HIGH html WORKING POC
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
CVSS 8.8
CVE-2021-47729 EXPLOITDB MEDIUM text WORKING POC
Selea Targa IP OCR-ANPR Camera - XSS
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.
CVSS 5.4
CVE-2021-47727 EXPLOITDB MEDIUM text WRITEUP
Selea Targa IP OCR-ANPR Camera - Info Disclosure
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.
CVSS 5.3
CVE-2021-47726 EXPLOITDB HIGH text WORKING POC
NuCom 11N Wireless Router 5.07.90 - Privilege Escalation
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format.
CVSS 7.5
CVE-2021-47723 EXPLOITDB HIGH html WORKING POC
STVS ProVision 5.9.10 - CSRF
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.
CVSS 8.8
CVE-2021-47722 EXPLOITDB LOW text WORKING POC
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
CVSS 3.5
CVE-2021-47719 EXPLOITDB HIGH text WORKING POC
COMMAX WebViewer ActiveX Control 2.1.4.5 - Buffer Overflow
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution.
CVE-2021-47718 EXPLOITDB HIGH text WRITEUP
Openbmcs - Information Disclosure
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
CVSS 7.5
CVE-2021-47717 EXPLOITDB MEDIUM text WRITEUP
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
CVE-2021-47710 EXPLOITDB HIGH text WORKING POC
COMMAX Smart Home System - Info Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint.
CVE-2021-47709 EXPLOITDB HIGH text WORKING POC
COMMAX Smart Home System - DoS
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
CVE-2021-47708 EXPLOITDB CRITICAL text WORKING POC
COMMAX Smart Home System CDP-1020n - SQL Injection
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
CVE-2021-47707 EXPLOITDB CRITICAL text WORKING POC
COMMAX CVD-Axx DVR 5.1.4 - Info Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
CVE-2021-47706 EXPLOITDB HIGH text WORKING POC
COMMAX Biometric Access Control System 1.0.0 - Auth Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
CVE-2021-47703 EXPLOITDB HIGH text WORKING POC
Openbmcs - SSRF
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVSS 7.2
CVE-2021-47702 EXPLOITDB MEDIUM text WORKING POC
Openbmcs - CSRF
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
CVSS 4.3
CVE-2021-47739 EXPLOITDB HIGH text WRITEUP
Epic Games Easy Anti-Cheat 4.0 - Code Injection
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
CVSS 8.4
CVE-2021-28271 EXPLOITDB HIGH text WRITEUP
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
CVSS 8.8
CVE-2021-28269 EXPLOITDB HIGH text WRITEUP
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
CVSS 8.8
CVE-2020-36924 EXPLOITDB MEDIUM text WORKING POC
Sony BRAVIA Digital Signage 1.7.8 - RCE
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type.
CVSS 6.1
CVE-2020-36922 EXPLOITDB HIGH text WORKING POC
Sony BRAVIA Digital Signage <1.7.8 - Info Disclosure
Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API.
CVSS 7.5
CVE-2020-36918 EXPLOITDB MEDIUM text WORKING POC
iDS6 DSSPro Digital Signage System 6.2 - CSRF
iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the lack of CSRF protections.
CVSS 4.3
CVE-2020-36916 EXPLOITDB HIGH text WRITEUP
TDM Digital Signage PC Player 4.1.0.4 - Privilege Escalation
TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access.
CVSS 8.8