icekam

CVE-2020-35437 EXPLOITDB MEDIUM text WORKING POC

Intelliants Subrion Cms - XSS

Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.

CVSS 6.1

View Code

CVE-2020-28092 EXPLOITDB MEDIUM text WORKING POC

Pescms Team - XSS

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

CVSS 6.1

View Code

CVE-2020-28091 EXPLOITDB HIGH text WRITEUP

Cxuucms - SQL Injection

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.

CVSS 7.5

View Code

CVE-2021-40380 EXPLOITDB HIGH text WRITEUP

Compro - Info Disclosure

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.

CVSS 7.5

View Code

CVE-2021-40381 EXPLOITDB HIGH text WRITEUP

Compro IP70/IP570/IP60/TN540 <2.08 - Info Disclosure

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.

CVSS 7.5

View Code

CVE-2021-40379 EXPLOITDB HIGH text WRITEUP

Compro - Info Disclosure

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.

CVSS 7.5

View Code

CVE-2021-40382 EXPLOITDB HIGH text WRITEUP

Compro IP70/IP570/TN540 <2.08 - Info Disclosure

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.

CVSS 7.5

View Code

CVE-2021-40378 EXPLOITDB HIGH text WORKING POC

Compro - Info Disclosure

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.

CVSS 8.1

View Code