LiquidWorm

790 exploits Active since Jun 2006
CVE-2018-25155 EXPLOITDB MEDIUM html WORKING POC
Teradek Slice 7.3.15 - CSRF
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
CVSS 4.3
CVE-2018-25154 EXPLOITDB CRITICAL text WORKING POC
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
CVSS 9.8
CVE-2018-25152 EXPLOITDB MEDIUM text WORKING POC
Ecessa Edge EV150 10.7.4 - CSRF
Ecessa Edge EV150 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a form that submits requests to the /cgi-bin/pl_web.cgi/util_configlogin_act endpoint to add superuser accounts with arbitrary credentials.
CVSS 5.3
CVE-2018-25151 EXPLOITDB MEDIUM text WORKING POC
Ecessa WANWorx WVR-30 <10.7.4 - CSRF
Ecessa WANWorx WVR-30 versions before 10.7.4 contain a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft a malicious web page with a hidden form to create a new superuser account by tricking an authenticated administrator into loading the page.
CVSS 4.3
CVE-2018-25150 EXPLOITDB MEDIUM text WORKING POC
Ecessa ShieldLink SL175EHQ 10.7.4 - CSRF
Ecessa ShieldLink SL175EHQ 10.7.4 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious web page with a hidden form to add a superuser account by tricking a logged-in administrator into loading the page.
CVSS 5.3
CVE-2018-25149 EXPLOITDB MEDIUM html WORKING POC
Microhard Systems IPn4G 1.1.0 - CSRF
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
CVSS 6.5
CVE-2018-9161 EXPLOITDB CRITICAL text WRITEUP
Prismaindustriale Checkweigher Prismaweb - Hard-coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
CVSS 9.8
CVE-2018-25148 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Authenticated RCE
Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.
CVSS 8.8
CVE-2018-25147 EXPLOITDB HIGH text WRITEUP
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains hardcoded default credentials that cannot be changed through normal gateway operations. Attackers can exploit these default credentials to gain unauthorized root-level access to the device by logging in with predefined username and password combinations.
CVSS 7.5
CVE-2018-25146 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes. Attackers can send arbitrary signals to kill background processes and system services through a hidden feature, potentially causing service disruption and requiring device restart.
CVSS 8.1
CVE-2018-25145 EXPLOITDB MEDIUM text WORKING POC
Microhard Systems IPn4G 1.1.0 - Info Disclosure
Microhard Systems IPn4G 1.1.0 contains a configuration file disclosure vulnerability that allows authenticated attackers to download sensitive system configuration files. Attackers can retrieve configuration files from multiple directories including '/www', '/etc/m_cli/', and '/tmp' to access system passwords and network settings.
CVSS 6.5
CVE-2018-25144 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Auth Bypass
Microhard Systems IPn4G 1.1.0 contains an authentication bypass vulnerability in the hidden system-editor.sh script that allows authenticated attackers to read, modify, or delete arbitrary files. Attackers can exploit unsanitized 'path', 'savefile', 'edit', and 'delfile' parameters to perform unauthorized file system modifications through GET and POST requests.
CVSS 8.4
CVE-2018-25143 EXPLOITDB HIGH text WORKING POC
Microhard Systems IPn4G 1.1.0 - Privilege Escalation
Microhard Systems IPn4G 1.1.0 contains a service vulnerability that allows authenticated users to enable a restricted SSH shell with a default 'msshc' user. Attackers can exploit a custom 'ping' command in the NcFTP environment to escape the restricted shell and execute commands with root privileges.
CVSS 8.8
CVE-2018-25142 EXPLOITDB CRITICAL text WORKING POC
NovaRad NovaPACS Diagnostics Viewer <8.5.19.75 - XXE Injection
NovaRad NovaPACS Diagnostics Viewer 8.5.19.75 contains an unauthenticated XML External Entity (XXE) injection vulnerability in XML preference import settings. Attackers can craft malicious XML files with DTD parameter entities to retrieve arbitrary system files through an out-of-band channel attack.
CVSS 9.8
CVE-2018-25141 EXPLOITDB HIGH text WRITEUP
FLIR thermal traffic cameras - Info Disclosure
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.
CVSS 7.5
CVE-2018-25140 EXPLOITDB HIGH python WORKING POC
FLIR thermal traffic cameras - SSRF
FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially initiate denial of service by sending crafted WebSocket messages without authentication.
CVSS 7.5
CVE-2018-25139 EXPLOITDB HIGH text WORKING POC
FLIR AX8 Thermal Camera <1.32.16 - Info Disclosure
FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.
CVSS 7.5
CVE-2018-25138 EXPLOITDB CRITICAL text WRITEUP
FLIR AX8 Thermal Camera 1.32.16 - Auth Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and password combinations.
CVSS 9.8
CVE-2018-25137 EXPLOITDB HIGH text WORKING POC
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getConfigExportFile.cgi endpoint to retrieve system configurations, potentially enabling authentication bypass and privilege escalation.
CVSS 7.5
CVE-2018-25136 EXPLOITDB HIGH text WORKING POC
FLIR Brickstream 3D+ <2.1.742.1842 - Info Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpg.
CVSS 7.5
CVE-2018-25135 EXPLOITDB CRITICAL text WORKING POC
Anviz AIM CrossChex Standard 4.3.6.0 - Code Injection
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing user data.
CVSS 9.8
CVE-2018-25134 EXPLOITDB CRITICAL text WORKING POC
Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.
CVSS 9.8
CVE-2018-25133 EXPLOITDB MEDIUM text WORKING POC
Synaccess netBooter NP-0801DU 7.4 - CSRF
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.
CVSS 4.3
CVE-2018-25131 EXPLOITDB HIGH html WORKING POC
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - XSS
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed.
CVSS 7.2
CVE-2018-25130 EXPLOITDB MEDIUM python WORKING POC
Beward Intercom 2.3.1 - Info Disclosure
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.
CVSS 6.2