Gjoko 'LiquidWorm' Krstic

684 exploits. Active since Nov 2005.
CVE-2014-10009 EXPLOITDB text WORKING POC
Iwcn Stark Crm - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
EIP-2026-112398 EXPLOITDB text WRITEUP
Sports Accelerator Suite 2.0 - 'news_id' SQL Injection
EIP-2026-112394 EXPLOITDB text WORKING POC
Spitfire CMS 1.0.475 - PHP Object Injection
CVE-2014-9344 EXPLOITDB html WORKING POC
Snowfox CMS <1.0.10 - CSRF
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create URI to snowfox/.
EIP-2026-112201 EXPLOITDB html WORKING POC
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
CVE-2011-5116 EXPLOITDB text WORKING POC
Setseed Cms < 5.11.2 - SQL Injection
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
EIP-2026-111657 EXPLOITDB text WORKING POC
R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities
EIP-2026-111618 EXPLOITDB text WORKING POC
qEngine CMS 6.0.0 - Multiple Vulnerabilities
EIP-2026-111604 EXPLOITDB text WORKING POC
pyrocms 2.1.1 - Multiple Vulnerabilities
CVE-2006-2758 EXPLOITDB text WRITEUP
Jetty - Path Traversal
Directory traversal vulnerability in Jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
EIP-2026-111460 EXPLOITDB text WORKING POC
PRADO PHP Framework 3.2.0 - Arbitrary File Read
EIP-2026-111392 EXPLOITDB text WRITEUP
pointter PHP content management system 1.2 - Multiple Vulnerabilities
CVE-2011-1100 EXPLOITDB text WRITEUP
Pixelpost - SQL Injection
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVE-2013-1469 EXPLOITDB text WORKING POC
Piwigo < 2.4.6 - Path Traversal
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
CVE-2012-2741 EXPLOITDB text WRITEUP
phpList <2.10.18 - XSS
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
EIP-2026-110586 EXPLOITDB text WORKING POC
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
CVE-2013-5123 EXPLOITDB MEDIUM text WORKING POC
Python Pip <1.5 - SSRF
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.
CVSS 5.9
EIP-2026-110569 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections
EIP-2026-110568 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - 'contact_us.php' Multiple POST Cross-Site Scripting Vulnerabilities
EIP-2026-110413 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - SQL Injection
EIP-2026-110412 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Remote Code Execution
EIP-2026-110411 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Directory Traversal
EIP-2026-110440 EXPLOITDB python WORKING POC
Pacer Edition CMS 2.1 - 'rm' Arbitrary File Deletion
EIP-2026-110439 EXPLOITDB text WORKING POC
Pacer Edition CMS 2.1 - 'l' Local File Inclusion
CVE-2014-9101 EXPLOITDB text WORKING POC
Oxwall 1.7.0 - SkaDate Lite 2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.