icekam

8 exploits Active since Nov 2020
CVE-2020-35437 EXPLOITDB MEDIUM text WORKING POC
Subrion CMS 4.2.1 - Cross-Site Scripting via Avatar Path Parameter
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVSS 6.1
CVE-2020-28092 EXPLOITDB MEDIUM text WORKING POC
PESCMS Team 2.3.2 - Reflected Cross-Site Scripting via ID Parameter
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=
CVSS 6.1
CVE-2020-28091 EXPLOITDB HIGH text WRITEUP
cxuucms v3 - SQL Injection via search.php Keywords Parameter
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.
CVSS 7.5
CVE-2021-40380 EXPLOITDB HIGH text WRITEUP
Compro IP70 IP570 IP60 TN540 Firmware - Credential Disclosure via cameralist.cgi and setcamera.cgi
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. cameralist.cgi and setcamera.cgi disclose credentials.
CVSS 7.5
CVE-2021-40381 EXPLOITDB HIGH text WRITEUP
Compro IP70/IP570/IP60/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. index_MJpeg.cgi allows video access.
CVSS 7.5
CVE-2021-40379 EXPLOITDB HIGH text WRITEUP
Compro IP70, IP570, IP60, TN540 Firmware - Unauthenticated RTSP Stream Access
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rstp://.../medias2 does not require authorization.
CVSS 7.5
CVE-2021-40382 EXPLOITDB HIGH text WRITEUP
Compro IP70/IP570/TN540 <2.08 - Info Disclosure
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mjpegStreamer.cgi allows video screenshot access.
CVSS 7.5
CVE-2021-40378 EXPLOITDB HIGH text WORKING POC
Compro IP70 IP570 IP60 TN540 Firmware - Unauthenticated Denial of Service via killps.cgi
An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /cgi-bin/support/killps.cgi deletes all data from the device.
CVSS 8.1