Gjoko Krstic

49 exploits Active since Dec 2006
CVE-2012-2910 EXPLOITDB text WORKING POC
SiliSoftware phpThumb() <1.7.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php.
EIP-2026-111617 EXPLOITDB text WRITEUP
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
EIP-2026-110286 EXPLOITDB text WRITEUP
OpenEMR - 'site' Cross-Site Scripting
EIP-2026-110107 EXPLOITDB text WORKING POC
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-3489 EXPLOITDB text WORKING POC
CMS Digital Workroom <5.5.0 - XSS
Cross-site scripting (XSS) vulnerability in netautor/napro4/home/login2.php in CMS Digital Workroom (formerly Netautor Professional) 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the goback parameter.
EIP-2026-109863 EXPLOITDB text WORKING POC
net4visions (Multiple Products) - 'dir' Multiple Cross-Site Scripting Vulnerabilities
CVE-2010-4901 EXPLOITDB text WORKING POC
MySource Matrix 3.28.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.
CVE-2012-5343 EXPLOITDB text WORKING POC
Limny 3.0.1 - XSS
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
EIP-2026-108376 EXPLOITDB text WORKING POC
Joomla! Component com_incapsula - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107186 EXPLOITDB text WORKING POC
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
EIP-2026-105762 EXPLOITDB text WORKING POC
Caucho Resin - 'index.php?logout' Cross-Site Scripting
EIP-2026-105761 EXPLOITDB text WRITEUP
Caucho Resin - '/resin-admin/' URI Cross-Site Scripting
CVE-2012-2906 EXPLOITDB text WORKING POC
Artiphp CMS 5.5.0 Neo - XSS
Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter.
EIP-2026-105172 EXPLOITDB html WORKING POC
Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities
CVE-2011-4275 EXPLOITDB ruby WORKING POC
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
EIP-2026-103815 EXPLOITDB text WORKING POC
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution
EIP-2026-103860 EXPLOITDB text WORKING POC
Appweb Web Server 3.2.2-1 - Cross-Site Scripting
EIP-2026-101993 EXPLOITDB text WRITEUP
Sielco Analog FM Transmitter 2.12 - 'id' Cookie Brute Force Session Hijacking
EIP-2026-101263 EXPLOITDB ruby WORKING POC
eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)
EIP-2026-101399 EXPLOITDB python WORKING POC
Osprey Pump Controller 1.0.1 - Authentication Bypass Credentials Modification
EIP-2026-101316 EXPLOITDB text WORKING POC
ICT Protege GX/WX 2.08 - Stored Cross-Site Scripting (XSS)
EIP-2026-100347 EXPLOITDB text WORKING POC
Hero 3.69 - 'month' Cross-Site Scripting
EIP-2026-100488 EXPLOITDB text WORKING POC
PolarisCMS - 'WebForm_OnSubmit()' Cross-Site Scripting