Gjoko 'LiquidWorm' Krstic

684 exploits, active since Nov 2005
CVE-2019-25242 EXPLOITDB MEDIUM text WORKING POC
FaceSentry Access Control System 6.4.8 - CSRF
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.
CVSS 4.3
CVE-2019-25241 EXPLOITDB CRITICAL python WORKING POC
FaceSentry Access Control System <6.4.8 - Privilege Escalation
FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
CVSS 9.8
CVE-2019-25240 EXPLOITDB CRITICAL bash WORKING POC
Rifatron 5brid DVR - Unauthenticated Access
Rifatron 5brid DVR contains an unauthenticated-access vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
CVSS 9.8
CVE-2019-25239 EXPLOITDB HIGH text WORKING POC
V-SOL GPON/EPON OLT Platform 2.03 - Info Disclosure
V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
CVSS 7.5
CVE-2019-25236 EXPLOITDB CRITICAL bash WORKING POC
iSeeQ Hybrid DVR WH-H4 1.03R - Info Disclosure
iSeeQ Hybrid DVR WH-H4 1.03R contains an unauthenticated-access vulnerability in the get_jpeg script that allows unauthorized access to live video streams. Attackers can retrieve video snapshots from specific camera channels by sending requests to the /cgi-bin/get_jpeg endpoint without authentication.
CVSS 9.8
CVE-2019-25234 EXPLOITDB MEDIUM text WORKING POC
SmartHouse Webapp 6.5.33 - CSRF/XSS
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
CVSS 5.3
CVE-2019-25233 EXPLOITDB MEDIUM text WORKING POC
AVE DOMINAplus <1.10.x - XSS, CSRF
AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions.
CVSS 5.3
CVE-2018-25156 EXPLOITDB MEDIUM html WORKING POC
Teradek Cube 7.3.6 - CSRF
Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.
CVSS 4.3
CVE-2018-25155 EXPLOITDB MEDIUM html WORKING POC
Teradek Slice 7.3.15 - CSRF
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
CVSS 4.3
CVE-2018-25154 EXPLOITDB CRITICAL text WORKING POC
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
CVSS 9.8
CVE-2018-25149 EXPLOITDB MEDIUM html WORKING POC
Microhard Systems IPn4G 1.1.0 - CSRF
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
CVSS 6.5
CVE-2018-9161 EXPLOITDB CRITICAL text WRITEUP
Prismaindustriale Checkweigher Prismaweb - Hard-coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
CVSS 9.8
CVE-2018-25148 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Authenticated RCE
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
CVSS 8.8
CVE-2018-25147 EXPLOITDB HIGH text WRITEUP
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
CVSS 7.5
CVE-2018-25146 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
CVSS 8.1
CVE-2018-25145 EXPLOITDB MEDIUM text WORKING POC
Microhard Systems IPn4G 1.1.0 - Info Disclosure
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
CVSS 6.5
CVE-2018-25144 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Auth Bypass
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
CVSS 8.4
CVE-2018-25143 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.
CVSS 8.8
CVE-2018-25142 EXPLOITDB CRITICAL text WORKING POC
NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
CVSS 9.8
CVE-2018-25141 EXPLOITDB HIGH text WRITEUP
FLIR thermal traffic cameras - Info Disclosure
FLIR thermal traffic cameras contain a vulnerability that allows unauthenticated remote attackers to access live video streams. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.
CVSS 7.5
CVE-2018-25140 EXPLOITDB HIGH python WORKING POC
FLIR thermal traffic cameras - SSRF
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.
CVSS 7.5
CVE-2018-25139 EXPLOITDB HIGH text WORKING POC
FLIR AX8 Thermal Camera <1.32.16 - Info Disclosure
FLIR AX8 Thermal Camera 1.32.16 contains a vulnerability that allows unauthenticated remote attackers to access live video streams. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.
CVSS 7.5
CVE-2018-25138 EXPLOITDB CRITICAL text WRITEUP
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
CVSS 9.8
CVE-2018-25137 EXPLOITDB HIGH text WORKING POC
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains a vulnerability in the ExportConfig REST API that allows unauthenticated attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.
CVSS 7.5
CVE-2018-25136 EXPLOITDB HIGH text WORKING POC
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains a vulnerability that allows unauthenticated remote attackers to access live video streams. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.
CVSS 7.5