Gjoko 'LiquidWorm' Krstic

684 exploits, active since Nov 2005
CVE-2008-4423 EXPLOITDB text WORKING POC
Ovidentia - SQL Injection
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
EIP-2026-110000 EXPLOITDB text WORKING POC
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
EIP-2026-109999 EXPLOITDB text WRITEUP
NUUO NVRmini 2 3.0.8 - Local File Disclosure
EIP-2026-109998 EXPLOITDB html WORKING POC
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
EIP-2026-109996 EXPLOITDB text WORKING POC
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
EIP-2026-109994 EXPLOITDB text WORKING POC
NULL NUKE CMS 2.2 - Multiple Vulnerabilities
CVE-2011-4275 EXPLOITDB php WORKING POC
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
CVE-2014-5100 EXPLOITDB text WORKING POC
Omeka < 2.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
EIP-2026-110001 EXPLOITDB python WORKING POC
NUUO NVRmini 2 3.0.8 - Remote Code Execution
EIP-2026-109548 EXPLOITDB text WORKING POC
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
EIP-2026-109621 EXPLOITDB text WORKING POC
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109620 EXPLOITDB text WORKING POC
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting
EIP-2026-109619 EXPLOITDB text WORKING POC
MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2015-2269 EXPLOITDB text WORKING POC
Moodle < 2.5.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
CVE-2010-4349 EXPLOITDB text WORKING POC
Mantisbt < 1.2.3 - Information Disclosure
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2014-4718 EXPLOITDB text WORKING POC
Lunar CMS < 3.3-3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
EIP-2026-109451 EXPLOITDB html WORKING POC
Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
EIP-2026-109450 EXPLOITDB text WORKING POC
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
CVE-2010-4350 EXPLOITDB text WORKING POC
Mantisbt < 1.2.3 - Path Traversal
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
EIP-2026-109224 EXPLOITDB text WORKING POC
Lunar CMS 3.3 - Remote Command Execution
EIP-2026-108988 EXPLOITDB text WRITEUP
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
EIP-2026-109141 EXPLOITDB text WORKING POC
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
EIP-2026-108989 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - Remote Code Execution
EIP-2026-108987 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - Database Backup Disclosure
EIP-2026-108986 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion