LiquidWorm

790 exploits Active since Jun 2006
CVE-2020-36887 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage <3.4.8 - Info Disclosure
SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information.
CVSS 7.5
CVE-2020-36886 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage 3.4.8 - CSRF
SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious web page that automatically submits a form to create a new admin user with full system privileges when a logged-in user visits the page.
CVSS 8.8
CVE-2020-36885 EXPLOITDB CRITICAL python WORKING POC
Sony IPELA Network Camera 1.82.01 - RCE
Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service.
CVSS 9.8
CVE-2020-36884 EXPLOITDB MEDIUM text WORKING POC
BrightSign Digital Signage Diagnostic Web Server <8.2.26 - SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts.
CVE-2020-36883 EXPLOITDB HIGH text WORKING POC
SpinetiX Fusion Digital Signage <3.4.8 - Path Traversal
SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers can exploit path traversal techniques in index.php to write backup files to arbitrary locations and delete files by manipulating backup and file delete requests.
CVSS 8.1
CVE-2020-36878 EXPLOITDB HIGH text WORKING POC
ReQuest Serious Play Media Player 3.0 - Info Disclosure
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
CVE-2020-36877 EXPLOITDB CRITICAL text WORKING POC
ReQuest Serious Play F3 Media Server 7.0.3 - RCE
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
CVE-2020-36876 EXPLOITDB HIGH text WRITEUP
ReQuest Serious Play F3 Media Server <7.0.3.4968 - Info Disclosure
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
CVE-2020-36872 EXPLOITDB HIGH text WORKING POC
BACnet Test Server <= 1.01 - Unauthenticated Denial of Service via Malformed BVLC Length Field
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
CVE-2020-36908 EXPLOITDB MEDIUM text WORKING POC
SnapGear Management Console SG560 3.1.5 - CSRF
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full administrative privileges when a logged-in user visits the page.
CVSS 5.3
CVE-2019-25325 EXPLOITDB HIGH text WORKING POC
Thrive Smart Home 1.1 - SQL Injection
Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application.
CVSS 8.2
CVE-2019-25291 EXPLOITDB HIGH text WRITEUP
INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
CVSS 7.5
CVE-2019-25290 EXPLOITDB MEDIUM text WORKING POC
Smartliving SmartLAN/G/SI <=6.x - SSRF
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
CVSS 5.3
CVE-2019-25289 EXPLOITDB HIGH text WORKING POC
SmartLiving SmartLAN <=6.x - Command Injection
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
CVSS 8.8
CVE-2020-22001 EXPLOITDB CRITICAL text WORKING POC
HomeAutomation 3.3.2 - Authentication Bypass via X-Forwarded-For Header Spoofing
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote control of the smart home solution.
CVSS 9.8
CVE-2020-22000 EXPLOITDB HIGH text WORKING POC
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell commands as the web user via the 'set_command_on' and 'set_command_off' POST parameters in '/system/systemplugins/customcommand/customcommand.plugin.php' by using an unsanitized PHP exec() function.
CVSS 8.0
CVE-2020-21999 EXPLOITDB HIGH python WORKING POC
iWT FaceSentry Access Control System 6.4.8 - Authenticated OS Command Injection via strInIP Parameter
iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
CVSS 8.8
CVE-2020-21997 EXPLOITDB HIGH bash WORKING POC
Smartwares HOME easy <=1.0.9 - Unauthenticated Database Backup Download and Information Disclosure
Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated database backup download and information disclosure vulnerability. An attacker could disclose sensitive and clear-text information resulting in authentication bypass, session hijacking and full system control.
CVSS 7.5
CVE-2020-21996 EXPLOITDB HIGH text WORKING POC
AVE DOMINAplus <=1.10.x - Unauthenticated Denial of Service via Reboot Command Execution
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can exploit this issue to cause a denial of service scenario.
CVSS 7.5
CVE-2020-21995 EXPLOITDB CRITICAL text WRITEUP
Inim Smartliving Firmware < 6.0 - Use of Hard-coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
CVSS 9.8
CVE-2020-21994 EXPLOITDB CRITICAL text WORKING POC
AVE DOMINAplus <=1.10.x - Unauthenticated Credential Disclosure via /xml/authClients.xml
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
CVSS 9.8
CVE-2020-21991 EXPLOITDB CRITICAL text WORKING POC
AVE DOMINAplus <= 1.10.x - Unauthenticated Authentication Bypass via changeparams.php autologin Parameter
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
CVSS 9.8
CVE-2020-21990 EXPLOITDB HIGH text WORKING POC
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Unauthenticated Information Disclosure
Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0.2.40 is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
CVSS 7.5
CVE-2020-21989 EXPLOITDB HIGH text WORKING POC
HomeAutomation 3.3.2 - Cross-Site Request Forgery
HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
CVSS 8.8
CVE-2020-21987 EXPLOITDB MEDIUM text WORKING POC
HomeAutomation 3.3.2 - Stored Cross-Site Scripting via Input Parameter
HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session.
CVSS 6.1