LiquidWorm

790 exploits Active since Jun 2006
CVE-2023-53774 EXPLOITDB CRITICAL text WORKING POC
MiniDVBLinux 5.4 - RCE
MiniDVBLinux 5.4 contains a remote code execution vulnerability in the SVDRP protocol that allows remote attackers to send commands to manipulate TV systems. Attackers can send crafted SVDRP commands through the svdrpsend.sh script to execute messages and potentially control the video disk recorder remotely.
CVSS 9.8
CVE-2023-53773 EXPLOITDB MEDIUM text WORKING POC
MiniDVBLinux 5.4 - Info Disclosure
MiniDVBLinux 5.4 contains an unauthenticated vulnerability in the tv_action.sh script that allows remote attackers to generate live stream snapshots through the Simple VDR Protocol. Attackers can request /tpl/tv_action.sh to create and retrieve a live TV screenshot stored in /var/www/images/tv.jpg without authentication.
CVSS 5.3
CVE-2023-53772 EXPLOITDB HIGH python WORKING POC
MiniDVBLinux 5.4 - Info Disclosure
MiniDVBLinux 5.4 contains an arbitrary file disclosure vulnerability that allows attackers to read sensitive system files through the 'file' GET parameter. Attackers can exploit the about page by supplying file paths to disclose arbitrary file contents on the affected device.
CVSS 7.5
CVE-2023-53771 EXPLOITDB CRITICAL text WORKING POC
MiniDVBLinux 5.4 - Auth Bypass
MiniDVBLinux 5.4 contains an authentication bypass vulnerability that allows remote attackers to change the root password without authentication. Attackers can send crafted POST requests to the system setup endpoint with modified SYSTEM_PASSWORD parameters to reset root credentials.
CVSS 9.8
CVE-2023-53770 EXPLOITDB HIGH text WORKING POC
MiniDVBLinux 5.4 - Info Disclosure
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
CVSS 7.5
CVE-2023-53741 EXPLOITDB HIGH python WORKING POC
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable API by intercepting and reusing established sessions to remove user accounts without proper authorization.
CVSS 8.1
CVE-2023-53740 EXPLOITDB CRITICAL python WORKING POC
Screen SFT DAB 1.9.3 - Auth Bypass
Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify the admin account.
CVSS 9.8
CVE-2023-53739 EXPLOITDB CRITICAL python WORKING POC
Tinycontrol LAN Controller v3 LK3 <1.58a - Info Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
CVE-2025-25038 EXPLOITDB CRITICAL python WORKING POC
MiniDVBLinux <5.4 - Command Injection
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
CVSS 9.8
CVE-2025-25037 EXPLOITDB CRITICAL python WORKING POC
Aquatronica Controller System <= 5.1.6 - Information Disclosure
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
CVE-2023-7329 EXPLOITDB HIGH text WORKING POC
Tinycontrol LAN Controller <1.58a - DoS
Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss.
CVE-2023-7328 EXPLOITDB MEDIUM text WORKING POC
Dbbroadcast Sft Dab 600/c Firmware < 1.9.3 - Missing Authentication
Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain improper access control on the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
CVSS 5.3
CVE-2023-54327 EXPLOITDB CRITICAL text WORKING POC
Tinycontrol Lan Controller Firmware < 1.58a - Missing Authorization
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls and modify administrative credentials.
CVSS 9.8
CVE-2022-50800 EXPLOITDB HIGH text WRITEUP
H3C SSL VPN - Info Disclosure
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
CVSS 7.5
CVE-2022-50799 EXPLOITDB HIGH python WORKING POC
Fetch FTP Client <5.8.2 - DoS
Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.
CVSS 7.5
CVE-2020-37148 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A/FNIP-4xSH <1.0.20, 1.0.11 - XSS
P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the user, allowing attackers to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This can be exploited by submitting crafted input to the label modification functionality, such as the 'lab4' parameter in config.html.
CVSS 3.5
CVE-2020-37118 EXPLOITDB LOW text WORKING POC
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF
P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.
CVSS 3.5
CVE-2021-4465 EXPLOITDB HIGH text WORKING POC
ReQuest Serious Play F3 Media Server <7.0.3.4968 - DoS
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
CVE-2021-4463 EXPLOITDB HIGH text WORKING POC
Longjing Technology BEMS API <=1.21 - Info Disclosure
Longjing Technology BEMS API versions up to and including 1.21 contain an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory.
CVE-2021-47747 EXPLOITDB HIGH text WORKING POC
meterN 1.2.3 - Authenticated RCE
meterN 1.2.3 contains an authenticated remote code execution vulnerability in admin_meter2.php and admin_indicator2.php scripts. Attackers can exploit the 'COMMANDx' and 'LIVECOMMANDx' POST parameters to execute arbitrary system commands with administrative privileges.
CVSS 8.8
CVE-2021-47745 EXPLOITDB HIGH text WORKING POC
Cypress Solutions CTM-200 2.7.1 - Command Injection
Cypress Solutions CTM-200 2.7.1 contains an authenticated command injection vulnerability in the firmware upgrade script that allows remote attackers to execute shell commands. Attackers can exploit the 'fw_url' parameter in the ctm-config-upgrade.sh script to inject and execute arbitrary commands with root privileges.
CVSS 8.8
CVE-2021-47744 EXPLOITDB HIGH python WORKING POC
Cypress Solutions CTM-200/CTM-ONE <1.3.6 - Code Injection
Cypress Solutions CTM-200/CTM-ONE 1.3.6 contains a hard-coded credentials vulnerability in its Linux distribution that exposes root access. Attackers can exploit the static 'Chameleon' password to gain remote root access via Telnet or SSH on affected devices.
CVSS 7.5
CVE-2021-47741 EXPLOITDB HIGH text WORKING POC
ZBL EPON ONU Broadband Router V100R001 - Privilege Escalation
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclose the super user password and gain additional privileged functionalities.
CVSS 7.5
CVE-2021-47731 EXPLOITDB CRITICAL text WORKING POC
Selea Targa IP OCR-ANPR Camera - Info Disclosure
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
CVSS 9.8
CVE-2021-47730 EXPLOITDB HIGH html WORKING POC
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
CVSS 8.8