Gjoko 'LiquidWorm' Krstic

684 exploits Active since Nov 2005
EIP-2026-102375 EXPLOITDB text WORKING POC
Hippo CMS 10.1 - Multiple Vulnerabilities
CVE-2017-9650 EXPLOITDB HIGH python WORKING POC
ALC WebCTRL <6.5 - RCE
An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code.
CVSS 7.8
EIP-2026-102115 EXPLOITDB text WRITEUP
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
EIP-2026-102351 EXPLOITDB text WRITEUP
Ametys CMS 3.5.2 - 'lang' XPath Injection
CVE-2017-9640 EXPLOITDB MEDIUM text WORKING POC
ALC WebCTRL <6.5 - Path Traversal
A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
CVSS 6.3
EIP-2026-102532 EXPLOITDB text WRITEUP
Resin Application Server 4.0.36 - Source Code Disclosure
CVE-2015-7904 EXPLOITDB text WORKING POC
Infinite Automation Mango Automation <2.6.0 - RCE
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file.
EIP-2026-102499 EXPLOITDB text WRITEUP
ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-101702 EXPLOITDB text WORKING POC
Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link - Authentication Bypass
CVE-2018-18428 EXPLOITDB HIGH text WORKING POC
Tp-link Tl-sc3130 Firmware - Information Disclosure
TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream access, as demonstrated by a /jpg/image.jpg URI.
CVSS 7.5
EIP-2026-102026 EXPLOITDB text WORKING POC
SOYAL Biometric Access Control System 5.0 - Master Code Disclosure
EIP-2026-102025 EXPLOITDB html WORKING POC
SOYAL Biometric Access Control System 5.0 - 'Change Admin Password' CSRF
EIP-2026-102002 EXPLOITDB html WORKING POC
Sipwise C5 NGCP CSC - 'Multiple' Persistent Cross-Site Scripting (XSS)
EIP-2026-102000 EXPLOITDB text WORKING POC
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
EIP-2026-101999 EXPLOITDB text WORKING POC
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
EIP-2026-101998 EXPLOITDB text WRITEUP
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
EIP-2026-101997 EXPLOITDB python WORKING POC
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
EIP-2026-101994 EXPLOITDB text WORKING POC
Sielco Analog FM Transmitter 2.12 - Cross-Site Request Forgery
EIP-2026-101993 EXPLOITDB text WRITEUP
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
CVE-2019-7670 EXPLOITDB HIGH python WORKING POC
Prima Systems FlexAir <2.3.38 - Command Injection
Prima Systems FlexAir, Versions 2.3.38 and prior. The application incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component, which could allow attackers to execute commands directly on the operating system.
CVSS 7.2
EIP-2026-101913 EXPLOITDB text WORKING POC
Pelco Sarix/Spectra Cameras - Remote Code Execution
EIP-2026-101912 EXPLOITDB text WORKING POC
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery / Cross-Site Scripting
EIP-2026-101911 EXPLOITDB text WORKING POC
Pelco Sarix/Spectra Cameras - Cross-Site Request Forgery (Enable SSH Root Access)
EIP-2026-101907 EXPLOITDB text WRITEUP
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
EIP-2026-101882 EXPLOITDB text WORKING POC
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access