Gjoko Krstic

49 exploits Active since Dec 2006
CVE-2026-3611 WRITEUP CRITICAL WRITEUP
Honeywell IQ4x - Auth Bypass
The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest (level 100) context, granting read/write privileges to any party able to reach the HTTP interface. Authentication controls are only enforced after a web user is created via U.htm, which dynamically enables the user module. Because this function is accessible prior to authentication, a remote user can create a new account with administrative read/write permissions enabling the user module and imposing authentication under attacker-controlled credentials. This action can effectively lock legitimate operators out of local and web-based configuration and administration.
CVSS 10.0
CVE-2009-4140 EXPLOITDB ruby WORKING POC
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
CVE-2009-4140 EXPLOITDB ruby WORKING POC
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
CVE-2023-53964 EXPLOITDB CRITICAL text WORKING POC
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - RCE
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass authentication, gaining full system control.
CVSS 9.8
CVE-2009-4140 METASPLOIT ruby WORKING POC
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
CVE-2009-4140 METASPLOIT ruby WORKING POC
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
CVE-2019-7256 METASPLOIT CRITICAL ruby WORKING POC
Linear eMerge E3-Series - Command Injection
Linear eMerge E3-Series devices allow Command Injections.
CVSS 9.8
CVE-2019-7276 METASPLOIT CRITICAL ruby WORKING POC
Optergy Proton/Enterprise - RCE
Optergy Proton/Enterprise devices allow Remote Root Code Execution via a Backdoor Console.
CVSS 9.8
CVE-2010-0700 EXPLOITDB text WORKING POC
WampServer 2.0i - XSS
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
EIP-2026-119304 EXPLOITDB text WORKING POC
XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-119256 EXPLOITDB text SUSPICIOUS
VideoLAN VLC Media Player 1.0.x - Bookmark Creation Buffer Overflow
EIP-2026-119140 EXPLOITDB c WORKING POC
Silo 2.1.1 - 'wintab32.dll' DLL Loading Arbitrary Code Execution
EIP-2026-118943 EXPLOITDB c WORKING POC
Native Instruments (Multiple Products) - DLL Loading Arbitrary Code Execution
CVE-2006-6199 EXPLOITDB ruby WORKING POC
Blazevideo Blaze Dvd - Memory Corruption
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
EIP-2026-115473 EXPLOITDB text SUSPICIOUS
J. River Media Jukebox 12 - '.mp3' Remote Heap Buffer Overflow
EIP-2026-115010 EXPLOITDB text SUSPICIOUS
BS.Player 2.51 - '.mp3' Buffer Overflow
EIP-2026-114026 EXPLOITDB text WORKING POC
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
EIP-2026-112735 EXPLOITDB text WORKING POC
Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
EIP-2026-112937 EXPLOITDB text WRITEUP
Ushahidi 2.0.1 - 'range' SQL Injection
EIP-2026-112570 EXPLOITDB text WORKING POC
TCExam 11.2.x - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112406 EXPLOITDB text WORKING POC
Squirrelcart - 'table' Cross-Site Scripting
EIP-2026-112189 EXPLOITDB text WRITEUP
Sitemagic CMS 2010.04.17 - 'SMExt' Cross-Site Scripting
EIP-2026-111967 EXPLOITDB text WRITEUP
Securimage - 'example_form.php' Cross-Site Scripting
CVE-2011-4709 EXPLOITDB html WORKING POC
Hotaru Search Plugin - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-2910 EXPLOITDB text WORKING POC
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.