LiquidWorm

790 exploits Active since Jun 2006
EIP-2026-111604 EXPLOITDB text WORKING POC
pyrocms 2.1.1 - Multiple Vulnerabilities
CVE-2012-2741 EXPLOITDB text WRITEUP
phplist < 2.10.18 - Cross-Site Scripting via Num Parameter in Reconcileusers Action
Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.
CVE-2013-5123 EXPLOITDB MEDIUM text WORKING POC
pip < 1.5 - Man-in-the-Middle Attack via Insecure Mirror DNS Querying
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
CVSS 5.9
EIP-2026-110569 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - Multiple Blind SQL Injections
EIP-2026-110568 EXPLOITDB text WORKING POC
PG eLms Pro vDEC_2007_01 - 'contact_us.php' Multiple POST Cross-Site Scripting Vulnerabilities
EIP-2026-110586 EXPLOITDB text WORKING POC
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
EIP-2026-109999 EXPLOITDB text WRITEUP
NUUO NVRmini 2 3.0.8 - Local File Disclosure
EIP-2026-109998 EXPLOITDB html WORKING POC
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
EIP-2026-109996 EXPLOITDB text WORKING POC
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
EIP-2026-109994 EXPLOITDB text WORKING POC
NULL NUKE CMS 2.2 - Multiple Vulnerabilities
EIP-2026-110440 EXPLOITDB python WORKING POC
Pacer Edition CMS 2.1 - 'rm' Arbitrary File Deletion
EIP-2026-110439 EXPLOITDB text WORKING POC
Pacer Edition CMS 2.1 - 'l' Local File Inclusion
CVE-2014-9101 EXPLOITDB text WORKING POC
Oxwall 1.7.0- SkaDate Lite 2.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 (build 7907 and 7906) and SkaDate Lite 2.0 (build 7651) allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks or possibly have other unspecified impact via the (1) label parameter to admin/users/roles/, (2) lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0] in an AddAccountType action or (3) qst_name parameter in an addQuestion action to admin/questions/ajax-responder/, or (4) form_name or (5) restrictedUsername parameter to admin/restricted-usernames.
CVE-2008-4423 EXPLOITDB text WORKING POC
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
EIP-2026-110413 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - SQL Injection
EIP-2026-110412 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Remote Code Execution
EIP-2026-110411 EXPLOITDB text WORKING POC
OV3 Online Administration 3.0 - Directory Traversal
CVE-2011-4275 EXPLOITDB php WORKING POC
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
CVE-2014-5100 EXPLOITDB text WORKING POC
Omeka < 2.2.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
EIP-2026-110001 EXPLOITDB python WORKING POC
NUUO NVRmini 2 3.0.8 - Remote Code Execution
EIP-2026-110000 EXPLOITDB text WORKING POC
NUUO NVRmini 2 3.0.8 - Multiple OS Command Injections
EIP-2026-109567 EXPLOITDB html WORKING POC
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities
EIP-2026-109548 EXPLOITDB text WORKING POC
MODx REvolution CMS 2.0.4-pl2 - POST injection Cross-Site Scripting
EIP-2026-109621 EXPLOITDB text WORKING POC
MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109620 EXPLOITDB text WORKING POC
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting