LiquidWorm

790 exploits Active since Jun 2006
CVE-2015-1423 EXPLOITDB text WORKING POC
Gecko CMS 2.2-2.3 - Authenticated SQL Injection via Admin Index Parameters
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
CVE-2015-1422 EXPLOITDB text WORKING POC
Gecko CMS 2.2-2.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
CVE-2014-8656 EXPLOITDB text WORKING POC
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - In...
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
CVE-2014-8655 EXPLOITDB text WORKING POC
Compal Broadband Networks CH6640E-CH6640-3.5.11.7-NOSH - Auth Bypass
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
CVE-2014-8654 EXPLOITDB text WORKING POC
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
CVE-2014-8653 EXPLOITDB text WORKING POC
Compal Broadband Networks (CBN) CH6640E/CG6640E Wireless Gateway 1....
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
CVE-2014-10034 EXPLOITDB text WORKING POC
couponphp < 1.1.0 - Authenticated SQL Injection via iDisplayLength or iDisplayStart Parameter
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
CVE-2011-5039 EXPLOITDB text WORKING POC
Infoproject Biznis Heroj - SQL Injection via login.php or widget.dokumenti_lista.php
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
CVE-2012-3837 EXPLOITDB text WORKING POC
Baby Gekko < 1.2.0 - Cross-Site Scripting via Registration Parameters
Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information.
CVE-2012-3836 EXPLOITDB text WORKING POC
Baby Gekko < 1.2.0 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php.
CVE-2009-20007 EXPLOITDB CRITICAL perl WORKING POC
Talkative IRC v0.4.4.16 - Buffer Overflow
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
EIP-2026-119682 EXPLOITDB python WORKING POC
OpenMRS 2.3 (1.11.4) - XML External Entity Processing
CVE-2014-5455 EXPLOITDB MEDIUM text WRITEUP
ptservice <3.0 - Privilege Escalation
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
CVSS 5.3
EIP-2026-119627 EXPLOITDB text WRITEUP
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
EIP-2026-119455 EXPLOITDB text WORKING POC
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-119681 EXPLOITDB text WORKING POC
OpenMRS 2.3 (1.11.4) - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-119664 EXPLOITDB text WORKING POC
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
EIP-2026-119672 EXPLOITDB text WORKING POC
CyberPower Systems PowerPanel 3.1.2 - XML External Entity Out-Of-Band Data Retrieval
EIP-2026-119423 EXPLOITDB python WORKING POC
Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution
EIP-2026-119415 EXPLOITDB text WORKING POC
Pelco VideoXpert 1.12.105 - Information Disclosure
EIP-2026-119429 EXPLOITDB text WORKING POC
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
EIP-2026-119432 EXPLOITDB text WORKING POC
SonicDICOM PACS 2.3.2 - Privilege Escalation
CVE-2012-2172 EXPLOITDB text WRITEUP
IBM DS Storage Manager Host Software < 10.83 - Cross-Site Scripting via SoftwareRegistration.do updateRegn Parameter
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
EIP-2026-119430 EXPLOITDB html WORKING POC
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
EIP-2026-119414 EXPLOITDB text WORKING POC
Pelco VideoXpert 1.12.105 - Directory Traversal