LiquidWorm

790 exploits Active since Jun 2006
CVE-2018-25130 EXPLOITDB MEDIUM python WORKING POC
Beward Intercom 2.3.1 - Info Disclosure
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access to IP cameras and door stations.
CVSS 6.2
CVE-2018-25129 EXPLOITDB HIGH text WORKING POC
SOCA Access Control System 180612 - Info Disclosure
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_From_DB.php and Ac10_ReadSortCard.
CVSS 7.5
CVE-2018-25128 EXPLOITDB HIGH text WORKING POC
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by exploiting injection flaws in Login.php and Card_Edit_GetJson.php.
CVSS 8.2
CVE-2018-25127 EXPLOITDB MEDIUM text WORKING POC
SOCA Access Control System 180612 - Cross-Site Request Forgery
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users into visiting a malicious site.
CVSS 5.3
CVE-2016-15038 EXPLOITDB MEDIUM text WORKING POC
NUUO NVRmini 2 <3.0.8 - Path Traversal
A vulnerability, which was classified as critical, was found in NUUO NVRmini 2 up to 3.0.8. Affected is an unknown function of the file /deletefile.php. The manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258780.
CVSS 6.5
CVE-2015-9263 EXPLOITDB CRITICAL text WORKING POC
Idera Up.Time Monitoring Station 7.5.0/7.4.0 - Unrestricted File Upload via post2file.php
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
CVSS 9.8
CVE-2015-1060 EXPLOITDB python WORKING POC
AdaptCMS 3.0.3 - Open Redirect via HTTP Referer Header
Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
CVE-2015-1058 EXPLOITDB python WORKING POC
AdaptCMS 3.0.3 - Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.
CVE-2012-2740 EXPLOITDB text WRITEUP
phplist < 2.10.18 - SQL Injection via sortby Parameter
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.
CVE-2017-20216 EXPLOITDB CRITICAL bash WORKING POC
FLIR Thermal Camera PT-Series <8.0.0.64 - Command Injection
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem() function through shell_exec() calls. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-06 (UTC).
CVSS 9.8
CVE-2017-20215 EXPLOITDB HIGH text WORKING POC
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
CVSS 8.8
CVE-2017-20214 EXPLOITDB HIGH text WRITEUP
FLIR Thermal Camera F/FC/PT/D 8.0.0.64 - Use of Hard-coded Credentials
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiable credentials to gain unauthorized remote access to the thermal camera system.
CVSS 7.5
CVE-2017-20213 EXPLOITDB HIGH text WRITEUP
FLIR Thermal Camera F/FC/PT/D Stream <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can exploit the vulnerability to view unauthorized thermal camera video feeds across multiple camera series without requiring any authentication.
CVSS 7.5
CVE-2017-20212 EXPLOITDB MEDIUM text WORKING POC
FLIR Thermal Camera F/FC/PT/D <8.0.0.64 - Info Disclosure
FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input parameters. Attackers can exploit the /var/www/data/controllers/api/xml.php readFile() function to access local system files without authentication.
CVSS 6.2
CVE-2017-20120 EXPLOITDB MEDIUM text WORKING POC
TrueConf Server 4.3.7 - Cross-Site Request Forgery in Admin Service Stop Endpoint
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2017-20119 EXPLOITDB LOW text WORKING POC
TrueConf Server 4.3.7 - Open Redirect
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20118 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Cross-Site Scripting via /admin/conferences/list/ domxss Parameter
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20117 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Cross-Site Scripting in /admin/group
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20116 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Reflected Cross-Site Scripting via checked_group_id Parameter
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20115 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Reflected Cross-Site Scripting via sort Parameter
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20114 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Reflected Cross-Site Scripting via keys[] Parameter
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2017-20113 EXPLOITDB LOW text WORKING POC
TrueConf Server < 5.0.2 - Stored Cross-Site Scripting
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2015-5529 EXPLOITDB text WORKING POC
Free Reprintables ArticleFR 3.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
CVE-2015-2679 EXPLOITDB text WORKING POC
genixcms < 0.0.1 - SQL Injection via Page or Username Parameter
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVE-2015-2678 EXPLOITDB text WORKING POC
genixcms < 0.0.1 - Cross-Site Scripting via cat or page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.