LiquidWorm

790 exploits Active since Jun 2006
CVE-2015-1575 EXPLOITDB text WORKING POC
u5CMS < 3.9.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.
EIP-2026-112841 EXPLOITDB text WRITEUP
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion
CVE-2015-1577 EXPLOITDB text WORKING POC
u5CMS < 3.9.3 - Path Traversal and Arbitrary File Write via f Parameter
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
EIP-2026-112813 EXPLOITDB text WRITEUP
Tutorialms 1.4 - 'show' SQL Injection
EIP-2026-112808 EXPLOITDB text WRITEUP
Tugux CMS 1.2 - Multiple Vulnerabilities
EIP-2026-112807 EXPLOITDB text WORKING POC
Tugux CMS 1.2 - 'pid' Arbitrary File Deletion
EIP-2026-112734 EXPLOITDB text WORKING POC
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
EIP-2026-112637 EXPLOITDB html WORKING POC
The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting
EIP-2026-112201 EXPLOITDB html WORKING POC
SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
CVE-2012-4773 EXPLOITDB text WORKING POC
Subrion CMS < 2.2.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
CVE-2014-10009 EXPLOITDB text WORKING POC
Stark CRM 1.0 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
EIP-2026-112398 EXPLOITDB text WRITEUP
Sports Accelerator Suite 2.0 - 'news_id' SQL Injection
EIP-2026-112394 EXPLOITDB text WORKING POC
Spitfire CMS 1.0.475 - PHP Object Injection
CVE-2014-9344 EXPLOITDB html WORKING POC
Snowfox CMS < 1.0 - Cross-Site Request Forgery via Admin Account Creation
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create uri to snowfox/.
EIP-2026-112202 EXPLOITDB python WORKING POC
SkaDate Lite 2.0 - Remote Code Execution
EIP-2026-112168 EXPLOITDB html WORKING POC
SiNG cms - 'Password.php' Cross-Site Scripting
EIP-2026-111657 EXPLOITDB text WORKING POC
R-Scripts Vacation Rental Script 7R - Multiple Vulnerabilities
CVE-2011-5116 EXPLOITDB text WORKING POC
SetSeed CMS < 5.11.2 - SQL Injection via loggedInUser Cookie
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
EIP-2026-111666 EXPLOITDB text WRITEUP
RaidenTunes - 'music_out.php' Cross-Site Scripting
CVE-2006-2758 EXPLOITDB text WRITEUP
jetty 6.0.x beta16 - Path Traversal via Encoded URL
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
EIP-2026-111460 EXPLOITDB text WORKING POC
PRADO PHP Framework 3.2.0 - Arbitrary File Read
EIP-2026-111392 EXPLOITDB text WRITEUP
pointter PHP content management system 1.2 - Multiple Vulnerabilities
CVE-2011-1100 EXPLOITDB text WRITEUP
Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVE-2013-1469 EXPLOITDB text WORKING POC
Piwigo < 2.4.7 - Path Traversal via Install.php DL Parameter
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter.
EIP-2026-111618 EXPLOITDB text WORKING POC
qEngine CMS 6.0.0 - Multiple Vulnerabilities