Gjoko 'LiquidWorm' Krstic

684 exploits. Active since Nov 2005.
EIP-2026-114703 EXPLOITDB text WORKING POC
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-114426 EXPLOITDB text WORKING POC
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
EIP-2026-114489 EXPLOITDB text WORKING POC
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
EIP-2026-113900 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
EIP-2026-113899 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution
EIP-2026-113442 EXPLOITDB text WORKING POC
Windu CMS 2.2 - Multiple Vulnerabilities
EIP-2026-113901 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
EIP-2026-113237 EXPLOITDB text WRITEUP
web@all CMS 2.0 - Multiple Vulnerabilities
EIP-2026-113063 EXPLOITDB text WORKING POC
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
EIP-2026-112734 EXPLOITDB text WORKING POC
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
CVE-2011-1062 EXPLOITDB text WORKING POC
TaskFreak! - XSS
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
EIP-2026-112569 EXPLOITDB text WRITEUP
TCExam 11.2.011 - Multiple SQL Injections
EIP-2026-112907 EXPLOITDB html WORKING POC
up.time 7.5.0 - Superadmin Privilege Escalation
EIP-2026-112906 EXPLOITDB text WORKING POC
up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
EIP-2026-112905 EXPLOITDB text WORKING POC
up.time 7.5.0 - Arbitrary File Disclose and Delete
EIP-2026-112864 EXPLOITDB text WRITEUP
UK One Media CMS - 'id' Error-Based SQL Injection
CVE-2015-1576 EXPLOITDB text WRITEUP
u5CMS <3.9.4 - SQL Injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
CVE-2015-1575 EXPLOITDB text WORKING POC
u5CMS <3.9.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.
EIP-2026-112841 EXPLOITDB text WRITEUP
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion
CVE-2015-1577 EXPLOITDB text WORKING POC
u5CMS <3.9.4 - Path Traversal
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
EIP-2026-112813 EXPLOITDB text WRITEUP
Tutorialms 1.4 - 'show' SQL Injection
EIP-2026-112808 EXPLOITDB text WRITEUP
Tugux CMS 1.2 - Multiple Vulnerabilities
EIP-2026-112807 EXPLOITDB text WORKING POC
Tugux CMS 1.2 - 'pid' Arbitrary File Deletion
EIP-2026-112202 EXPLOITDB python WORKING POC
SkaDate Lite 2.0 - Remote Code Execution
CVE-2012-4773 EXPLOITDB text WORKING POC
Subrion CMS <2.2.3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.