LiquidWorm

790 exploits Active since Jun 2006
EIP-2026-114594 EXPLOITDB text WORKING POC
Zen Cart 1.3.9f - 'typefilter' Local File Inclusion
EIP-2026-114703 EXPLOITDB text WORKING POC
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
CVE-2014-4034 EXPLOITDB text WORKING POC
ZeroCMS 1.0 - SQL Injection
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
EIP-2026-114595 EXPLOITDB text WRITEUP
zen cart 1.3.9f - Multiple Vulnerabilities
EIP-2026-114426 EXPLOITDB text WORKING POC
Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
EIP-2026-114489 EXPLOITDB text WORKING POC
xt:Commerce VEYTON 4.0.15 - 'products_name_de' Script Insertion
EIP-2026-113442 EXPLOITDB text WORKING POC
Windu CMS 2.2 - Multiple Vulnerabilities
EIP-2026-113900 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
EIP-2026-113899 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution
EIP-2026-113901 EXPLOITDB text WORKING POC
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
EIP-2026-113063 EXPLOITDB text WORKING POC
ViArt Shop Enterprise 4.1 - Arbitrary Command Execution
EIP-2026-113237 EXPLOITDB text WRITEUP
web@all CMS 2.0 - Multiple Vulnerabilities
CVE-2012-1790 EXPLOITDB text WORKING POC
Webgrind - Path Traversal
Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php.
EIP-2026-113156 EXPLOITDB text WORKING POC
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)
EIP-2026-112569 EXPLOITDB text WRITEUP
TCExam 11.2.011 - Multiple SQL Injections
CVE-2011-1062 EXPLOITDB text WORKING POC
Taskfreak! - XSS
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
CVE-2011-1062 EXPLOITDB text WORKING POC
Taskfreak! - XSS
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
CVE-2011-1062 EXPLOITDB text WORKING POC
Taskfreak! - XSS
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
CVE-2011-1062 EXPLOITDB text WORKING POC
Taskfreak! - XSS
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
EIP-2026-112907 EXPLOITDB html WORKING POC
up.time 7.5.0 - Superadmin Privilege Escalation
EIP-2026-112906 EXPLOITDB text WORKING POC
up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
EIP-2026-112905 EXPLOITDB text WORKING POC
up.time 7.5.0 - Arbitrary File Disclose and Delete
EIP-2026-112864 EXPLOITDB text WRITEUP
UK One Media CMS - 'id' Error-Based SQL Injection
CVE-2015-1576 EXPLOITDB text WRITEUP
u5CMS <3.9.4 - SQL Injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
CVE-2015-1575 EXPLOITDB text WORKING POC
u5CMS <3.9.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.