Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
EIP-2026-108985 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
CVE-2010-5281 EXPLOITDB text WORKING POC
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107878 EXPLOITDB html WORKING POC
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-107841 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107840 EXPLOITDB text WRITEUP
InfraPower PPS-02-S Q213V1 - Local File Disclosure
EIP-2026-107839 EXPLOITDB text WRITEUP
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
EIP-2026-107838 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
EIP-2026-107837 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Authentication Bypass
CVE-2011-5040 EXPLOITDB text WORKING POC
Infoproject Biznis Heroj - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
EIP-2026-107815 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
EIP-2026-107814 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Arbitrary File Deletion
EIP-2026-107813 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EIP-2026-107802 EXPLOITDB text WORKING POC
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
EIP-2026-107801 EXPLOITDB text WORKING POC
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
EIP-2026-107354 EXPLOITDB text WRITEUP
GAzie 5.10 - 'Login' Multiple Vulnerabilities
CVE-2013-7368 EXPLOITDB text WORKING POC
Gnew 2013.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
CVE-2015-2680 EXPLOITDB text WORKING POC
Metalgenix Genixcms < 0.0.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
CVE-2015-1424 EXPLOITDB text WORKING POC
Gecko CMS 2.2-2.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
EIP-2026-107160 EXPLOITDB text WORKING POC
FluxBB 1.5.3 - Multiple Vulnerabilities
EIP-2026-106965 EXPLOITDB text WRITEUP
Exponent CMS 0.97 - Multiple Vulnerabilities
EIP-2026-107142 EXPLOITDB html WORKING POC
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
EIP-2026-107043 EXPLOITDB text WORKING POC
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
EIP-2026-107041 EXPLOITDB text WORKING POC
Family Connections 2.3.2 - 'subject' HTML Injection
EIP-2026-106987 EXPLOITDB python WORKING POC
EyeLock nano NXT 3.5 - Remote Code Execution
EIP-2026-106986 EXPLOITDB text WORKING POC
EyeLock nano NXT 3.5 - Local File Disclosure