Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
CVE-2012-4773 EXPLOITDB text WORKING POC
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
CVE-2014-10009 EXPLOITDB text WORKING POC
Stark CRM 1.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
EIP-2026-112398 EXPLOITDB text WRITEUP
Sports Accelerator Suite 2.0 - 'news_id' SQL Injection
EIP-2026-112394 EXPLOITDB text WORKING POC
Spitfire CMS 1.0.475 - PHP Object Injection
CVE-2014-9344 EXPLOITDB html WORKING POC
Snowfox CMS < 1.0 - Cross-Site Request Forgery via Admin Account Creation
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create URI to snowfox/.
EIP-2026-112201 EXPLOITDB html WORKING POC
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
CVE-2011-5116 EXPLOITDB text WORKING POC
SetSeed CMS < 5.11.2 - SQL Injection via loggedInUser Cookie
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
EIP-2026-111657 EXPLOITDB text WORKING POC
R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities
EIP-2026-111618 EXPLOITDB text WORKING POC
qEngine CMS 6.0.0 - Multiple Vulnerabilities
EIP-2026-111604 EXPLOITDB text WORKING POC
pyrocms 2.1.1 - Multiple Vulnerabilities
CVE-2006-2758 EXPLOITDB text WRITEUP
jetty 6.0.x beta16 - Path Traversal via Encoded URL
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
EIP-2026-111460 EXPLOITDB text WORKING POC
PRADO PHP Framework 3.2.0 - Arbitrary File Read
EIP-2026-111392 EXPLOITDB text WRITEUP
pointter PHP content management system 1.2 - Multiple Vulnerabilities
CVE-2011-1100 EXPLOITDB text WRITEUP
Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVE-2013-1469 EXPLOITDB text WORKING POC
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
CVE-2012-2741 EXPLOITDB text WRITEUP
phpList < 2.10.18 - Cross-Site Scripting via Num Parameter in Reconcileusers Action
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
EIP-2026-110586 EXPLOITDB text WORKING POC
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
CVE-2013-5123 EXPLOITDB MEDIUM text WORKING POC
pip < 1.5 - Man-in-the-Middle Attack via Insecure Mirror DNS Querying
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.
CVSS 5.9
EIP-2026-110569 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections
EIP-2026-110568 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - 'contact_us.php' Multiple POST Cross-Site Scripting Vulnerabilities
EIP-2026-110413 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - SQL Injection
EIP-2026-110412 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Remote Code Execution
EIP-2026-110411 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Directory Traversal
EIP-2026-110440 EXPLOITDB python WORKING POC
Pacer Edition CMS 2.1 - 'rm' Arbitrary File Deletion
EIP-2026-110439 EXPLOITDB text WORKING POC
Pacer Edition CMS 2.1 - 'l' Local File Inclusion