LiquidWorm

790 exploits Active since Jun 2006
CVE-2021-47730 EXPLOITDB HIGH html WORKING POC
Selea Targa IP OCR-ANPR Camera - CSRF
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
CVSS 8.8
CVE-2021-47729 EXPLOITDB MEDIUM text WORKING POC
Selea Targa IP OCR-ANPR Camera - XSS
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's browser session.
CVSS 5.4
CVE-2021-47728 EXPLOITDB CRITICAL bash WORKING POC
Selea Targa IP OCR-ANPR Camera - Command Injection
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
CVSS 9.8
CVE-2021-47727 EXPLOITDB MEDIUM text WRITEUP
Selea Targa IP OCR-ANPR Camera - Info Disclosure
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.
CVSS 5.3
CVE-2021-47726 EXPLOITDB HIGH text WORKING POC
NuCom 11N Wireless Router 5.07.90 - Privilege Escalation
NuCom 11N Wireless Router 5.07.90 contains a privilege escalation vulnerability that allows non-privileged users to access administrative credentials through the configuration backup endpoint. Attackers can send a crafted HTTP GET request to the backup configuration page with a specific cookie to retrieve and decode the admin password in Base64 format.
CVSS 7.5
CVE-2021-47724 EXPLOITDB MEDIUM text WORKING POC
STVS ProVision 5.9.10 - Authenticated Path Traversal via Archive Download Files Parameter
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
CVSS 6.5
CVE-2021-47723 EXPLOITDB HIGH html WORKING POC
STVS ProVision 5.9.10 - Cross-Site Request Forgery
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.
CVSS 8.8
CVE-2021-47722 EXPLOITDB LOW text WORKING POC
Zucchetti Axess CLOKI Access Control 1.64 - CSRF
Zucchetti Axess CLOKI Access Control 1.64 contains a cross-site request forgery vulnerability that allows attackers to manipulate access control settings without user interaction. Attackers can craft malicious web pages with hidden forms to disable or modify access control parameters by tricking authenticated users into loading the page.
CVSS 3.5
CVE-2021-47719 EXPLOITDB HIGH text WORKING POC
COMMAX WebViewer ActiveX Control 2.1.4.5 - Buffer Overflow
COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution.
CVE-2021-47718 EXPLOITDB HIGH text WRITEUP
OpenBMCS 2.4 - Unauthenticated Information Disclosure via Directory Listing
OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
CVSS 7.5
CVE-2021-47717 EXPLOITDB MEDIUM text WRITEUP
IntelliChoice eFORCE Software Suite 2.5.9 - Info Disclosure
IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
CVE-2021-47710 EXPLOITDB HIGH text WORKING POC
COMMAX Smart Home System - Info Disclosure
COMMAX Smart Home System is a smart IoT home solution that allows an unauthenticated attacker to disclose RTSP credentials in plain-text by exploiting the /overview.asp endpoint. Attackers can access sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint.
CVE-2021-47709 EXPLOITDB HIGH text WORKING POC
COMMAX Smart Home Ruvie CCTV Bridge DVR Service - Unauthenticated Denial of Service via setconf Endpoint
COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger a denial-of-service scenario by sending a malformed request to the setconf endpoint.
CVE-2021-47708 EXPLOITDB CRITICAL text WORKING POC
COMMAX Smart Home System CDP-1020n - SQL Injection
COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
CVE-2021-47707 EXPLOITDB CRITICAL text WORKING POC
COMMAX CVD-Axx DVR 5.1.4 - Info Disclosure
COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password attacks and disclose RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', allowing them to access the web control panel.
CVE-2021-47706 EXPLOITDB HIGH text WORKING POC
COMMAX Biometric Access Control System 1.0.0 - Auth Bypass
COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
CVE-2021-47705 EXPLOITDB HIGH text WORKING POC
COMMAX UMS Client ActiveX Control 1.7.0.2 - Buffer Overflow
COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
CVE-2021-47704 EXPLOITDB MEDIUM text WORKING POC
OpenBMCS 2.4 - Authenticated SQL Injection via obix_test.php id Parameter
OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information.
CVSS 6.5
CVE-2021-47703 EXPLOITDB HIGH text WORKING POC
OpenBMCS 2.4 phpQuery.php - ip Parameter Server-Side Request Forgery
OpenBMCS 2.4 contains an unauthenticated SSRF vulnerability that allows attackers to bypass firewalls and initiate service and network enumeration on the internal network through the affected application, allowing hijacking of current sessions. Attackers can specify an external domain in the 'ip' parameter to force the application to make an HTTP request to an arbitrary destination host.
CVSS 7.2
CVE-2021-47702 EXPLOITDB MEDIUM text WORKING POC
OpenBMCS 2.4 - Cross-Site Request Forgery via sendFeedback.php Endpoint
OpenBMCS 2.4 contains a CSRF vulnerability that allows attackers to perform actions with administrative privileges by exploiting the sendFeedback.php endpoint. Attackers can submit malicious requests to trigger unintended actions, such as sending emails or modifying system settings.
CVSS 4.3
CVE-2021-47701 EXPLOITDB HIGH text WORKING POC
OpenBMCS 2.4 - Privilege Escalation via User Permissions Update Script
OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploiting a vulnerability in the update_user_permissions.php script. Attackers can submit a malicious HTTP POST request to PHP scripts in '/plugins/useradmin/' directory.
CVSS 8.8
CVE-2021-47739 EXPLOITDB HIGH text WRITEUP
Epic Games Easy Anti-Cheat 4.0 - Code Injection
Epic Games Easy Anti-Cheat 4.0 contains an unquoted service path vulnerability that allows local non-privileged users to execute arbitrary code with elevated system privileges. Attackers can exploit the service configuration by inserting malicious code in the system root path that would execute with LocalSystem privileges during application startup.
CVSS 8.4
CVE-2021-28271 EXPLOITDB HIGH text WRITEUP
Soyal Technologies SOYAL 701Server 9.0.1 - Privilege Escalation
Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which can be used by an authenticated user to change the executable file with a binary choice. The vulnerability is due to improper permissions with the 'F' flag (Full) for 'Everyone'and 'Authenticated Users' group.
CVSS 8.8
CVE-2021-28269 EXPLOITDB HIGH text WRITEUP
Soyal Technology 701Client <9.0.1 - Privilege Escalation
Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Authenticated Users group with Full permissions.
CVSS 8.8
CVE-2020-36925 EXPLOITDB CRITICAL python WORKING POC
Arteco Web Client DVR/NVR - Auth Bypass
Arteco Web Client DVR/NVR contains a session hijacking vulnerability with insufficient session ID complexity that allows remote attackers to bypass authentication. Attackers can brute force session IDs within a specific numeric range to obtain valid sessions and access live camera streams without authorization.
CVSS 9.8