Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
CVE-2020-36915 EXPLOITDB HIGH text WRITEUP
Adtec Digital SignEdje <2.08.28 - Unauthenticated RCE
Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions.
CVSS 7.5
CVE-2020-36909 EXPLOITDB MEDIUM text WORKING POC
SnapGear Management Console SG560 3.1.5 - Privilege Escalation
SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the edit_config_files CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/edit_config_files to access and modify files outside the intended /etc/config/ directory.
CVSS 6.5
CVE-2020-36907 EXPLOITDB HIGH bash WORKING POC
Aerohive HiveOS - DoS
Aerohive HiveOS contains a denial of service vulnerability in the NetConfig UI that allows unauthenticated attackers to render the web interface unusable. Attackers can send a crafted HTTP request to the action.php5 script with specific parameters to trigger a 5-minute service disruption.
CVSS 7.5
CVE-2020-36906 EXPLOITDB MEDIUM text WORKING POC
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form.
CVSS 4.3
CVE-2020-36905 EXPLOITDB HIGH text WORKING POC
FIBARO System Home Center 5.021 - RCE
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content.
CVSS 7.5
CVE-2020-36904 EXPLOITDB HIGH text WORKING POC
Selea CarPlateServer 4.0.1.6 - RCE
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands.
CVSS 7.5
CVE-2020-36903 EXPLOITDB HIGH text WRITEUP
Selea CarPlateServer 4.0.1.6 - Privilege Escalation
Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot.
CVSS 8.4
CVE-2020-36902 EXPLOITDB CRITICAL text WORKING POC
UBICOD Medivision Digital Signage 1.5.1 - Auth Bypass
UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request to /html/user with 'ft[grp]' set to integer value '3' to gain super admin rights without authentication.
CVSS 9.8
CVE-2020-36901 EXPLOITDB HIGH text WORKING POC
UBICOD Medivision Digital Signage 1.5.1 - CSRF
UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that submits a form to the /query/user/itSet endpoint to add a new admin user with elevated privileges.
CVSS 8.8
CVE-2020-36900 EXPLOITDB HIGH text WORKING POC
All-Dynamics Digital Signage System 2.0.2 - CSRF
All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global administrative privileges when a logged-in user visits the page.
CVSS 8.8
CVE-2020-36899 EXPLOITDB HIGH text WORKING POC
QiHang Media Web Digital Signage 3.0.9 - Info Disclosure
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can exploit the QH.aspx endpoint to read arbitrary files and directory contents without authentication by manipulating download and getAll actions.
CVSS 7.5
CVE-2020-36898 EXPLOITDB CRITICAL text WORKING POC
QiHang Media Web Digital Signage 3.0.9 - Path Traversal
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary files with web server permissions using directory traversal sequences.
CVSS 9.1
CVE-2020-36896 EXPLOITDB HIGH text WORKING POC
QiHang Media Web Digital Signage 3.0.9 - Auth Bypass
QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve hardcoded admin credentials by requesting the '/xml/User/User.xml' file, enabling direct authentication bypass.
CVSS 7.5
CVE-2020-36895 EXPLOITDB HIGH text WORKING POC
EIBIZ i-Media Server Digital Signage 3.8.0 - Info Disclosure
EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.
CVSS 7.5
CVE-2020-36893 EXPLOITDB HIGH text WORKING POC
Eibiz i-Media Server Digital Signage 3.8.0 - Path Traversal
Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the 'oldfile' GET parameter to view sensitive configuration files like web.xml and system files such as win.ini.
CVSS 7.5
CVE-2020-36888 EXPLOITDB MEDIUM text WRITEUP
SpinetiX Fusion Digital Signage 3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing the server's error responses.
CVSS 5.3
CVE-2020-36887 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage <3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.
CVSS 7.5
CVE-2020-36886 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage 3.4.8 - CSRF
SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page.
CVSS 8.8
CVE-2020-36884 EXPLOITDB MEDIUM text WORKING POC
BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.
CVE-2020-36883 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage <3.4.8 - Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
CVSS 8.1
CVE-2020-36877 EXPLOITDB CRITICAL text WORKING POC
ReQuest Serious Play F3 Media Server 7.0.3 - RCE
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
CVE-2020-36876 EXPLOITDB HIGH text WRITEUP
ReQuest Serious Play F3 Media Server <7.0.3.4968 - Info Disclosure
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
CVE-2020-36872 EXPLOITDB HIGH text WORKING POC
BACnet Test Server <=1.01 - DoS
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
CVE-2020-36908 EXPLOITDB MEDIUM text WORKING POC
SnapGear Management Console SG560 3.1.5 - CSRF
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
CVSS 5.3
CVE-2019-25325 EXPLOITDB HIGH text WORKING POC
Thrive Smart Home 1.1 - SQL Injection
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
CVSS 8.2