Gjoko 'LiquidWorm' Krstic

684 exploits | Active since Nov 2005
CVE-2019-25291 EXPLOITDB HIGH text WRITEUP
INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
CVSS 7.5
CVE-2020-22001 EXPLOITDB CRITICAL text WORKING POC
HomeAutomation - Authentication Bypass by Spoofing
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability: spoofing the client IP address by setting the X-Forwarded-For header to the local (loopback) IP address allows remote control of the smart home solution.
CVSS 9.8
CVE-2020-22000 EXPLOITDB HIGH text WORKING POC
HomeAutomation - CSRF
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability in the custom command v0.1 plugin. This can be exploited via a CSRF vulnerability to execute arbitrary shell commands as the web user through the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php', which are passed unsanitized to the PHP exec() function.
CVSS 8.0
CVE-2020-21999 EXPLOITDB HIGH python WORKING POC
iWT FaceSentry Access Control System Firmware - OS Command Injection
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in the pingTest PHP script.
CVSS 8.8
CVE-2020-21996 EXPLOITDB HIGH text WORKING POC
AVE DOMINAplus < 1.10.77 - Missing Authentication
AVE DOMINAplus <=1.10.x suffers from unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
CVSS 7.5
CVE-2020-21995 EXPLOITDB CRITICAL text WRITEUP
Inim Smartliving 505 Firmware < 6.0 - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
CVSS 9.8
CVE-2020-21994 EXPLOITDB CRITICAL text WORKING POC
AVE DOMINAplus < 1.10.77 - Insufficiently Protected Credentials
AVE DOMINAplus <=1.10.x suffers from a clear-text credentials disclosure vulnerability: an unauthenticated attacker can request the XML file '/xml/authClients.xml' from an unprotected directory and obtain administrative login information that allows for a successful authentication bypass attack.
CVSS 9.8
CVE-2020-21991 EXPLOITDB CRITICAL text WORKING POC
AVE DOMINAplus < 1.10.77 - Authentication Bypass
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to a missing control check when directly calling the autologin GET parameter in the changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
CVSS 9.8
CVE-2020-21989 EXPLOITDB HIGH text WORKING POC
HomeAutomation - CSRF
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVSS 8.8
CVE-2020-21987 EXPLOITDB MEDIUM text WORKING POC
HomeAutomation - XSS
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
CVSS 6.1
CVE-2019-25259 EXPLOITDB MEDIUM html WORKING POC
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
CVSS 5.3
CVE-2019-25258 EXPLOITDB HIGH text WORKING POC
LogicalDOC Enterprise 7.7.4 - Info Disclosure
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can use path traversal sequences against the /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd.
CVSS 7.5
CVE-2019-25257 EXPLOITDB MEDIUM text WORKING POC
LogicalDOC Enterprise 7.7.4 - Command Injection
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
CVSS 6.5
CVE-2019-25256 EXPLOITDB MEDIUM text WORKING POC
VideoFlow Digital Video Protection DVP 2.10 - Path Traversal
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers to access arbitrary system files through unvalidated 'ID' parameters. Attackers can exploit multiple Perl scripts like downloadsys.pl to read sensitive files by supplying directory traversal sequences in download requests.
CVSS 6.5
CVE-2019-25255 EXPLOITDB MEDIUM text WRITEUP
VideoFlow DVP 2.10 - Authenticated RCE
VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system access.
CVSS 4.3
CVE-2019-25254 EXPLOITDB HIGH text WORKING POC
KYOCERA Net Admin 3.4.0906 - CSRF
KYOCERA Net Admin 3.4.0906 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft malicious web pages that automatically submit forms to add new admin accounts with predefined credentials when a logged-in user visits the page.
CVSS 8.8
CVE-2019-25253 EXPLOITDB HIGH text WORKING POC
KYOCERA Net Admin 3.4.0906 - XXE Injection
KYOCERA Net Admin 3.4.0906 contains an XML External Entity (XXE) injection vulnerability in the Multi-Set Template Editor that allows unauthenticated attackers to read arbitrary system files. Attackers can craft a malicious XML file with external entity references to retrieve sensitive configuration data like database credentials through an out-of-band channel attack.
CVSS 7.5
CVE-2019-25252 EXPLOITDB MEDIUM html WORKING POC
Teradek VidiU Pro 3.0.3 - CSRF
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
CVSS 4.3
CVE-2019-25251 EXPLOITDB MEDIUM text WORKING POC
Teradek VidiU Pro 3.0.3 - SSRF
Teradek VidiU Pro 3.0.3 contains a server-side request forgery vulnerability in the management interface that allows attackers to manipulate GET parameters 'url' and 'xml_url'. Attackers can exploit this flaw to bypass firewalls, initiate network enumeration, and potentially trigger external HTTP requests to arbitrary destinations.
CVSS 6.5
CVE-2019-25248 EXPLOITDB HIGH text WRITEUP
Beward N100 M2.1.6.04C014 - Info Disclosure
Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
CVSS 7.5
CVE-2019-25247 EXPLOITDB MEDIUM html WORKING POC
Beward N100 H.264 VGA IP Camera M2.1.6 - CSRF
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
CVSS 5.3
CVE-2019-25246 EXPLOITDB HIGH text WORKING POC
Beward N100 H.264 VGA IP Camera M2.1.6 - Info Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.
CVSS 8.8
CVE-2019-25245 EXPLOITDB HIGH text WRITEUP
Ross Video DashBoard 8.5.1 - Privilege Escalation
Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.
CVSS 8.8
CVE-2019-25244 EXPLOITDB MEDIUM text WORKING POC
Legrand BTicino Driver Manager F454 1.0.51 - CSRF, XSS
Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.
CVSS 5.3
CVE-2019-25243 EXPLOITDB HIGH text WORKING POC
FaceSentry 6.4.8 - Command Injection
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
CVSS 8.8