LiquidWorm

790 exploits, active since Jun 2006
CVE-2015-2269 EXPLOITDB text WORKING POC
Moodle < 2.5.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
EIP-2026-109321 EXPLOITDB text WRITEUP
Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access
EIP-2026-109320 EXPLOITDB text WRITEUP
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
CVE-2010-4350 EXPLOITDB text WORKING POC
Mantisbt < 1.2.3 - Path Traversal
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the db_type parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2010-4349 EXPLOITDB text WORKING POC
Mantisbt < 1.2.3 - Information Disclosure
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive information via an invalid db_type parameter, which reveals the installation path in an error message, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP.
CVE-2014-4718 EXPLOITDB text WORKING POC
Lunar CMS < 3.3-3 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
EIP-2026-109224 EXPLOITDB text WORKING POC
Lunar CMS 3.3 - Remote Command Execution
EIP-2026-109451 EXPLOITDB html WORKING POC
Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
EIP-2026-109450 EXPLOITDB text WORKING POC
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
EIP-2026-109438 EXPLOITDB text WRITEUP
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109323 EXPLOITDB text WORKING POC
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109322 EXPLOITDB text WORKING POC
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-108985 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
EIP-2026-109141 EXPLOITDB text WORKING POC
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
EIP-2026-109010 EXPLOITDB text WORKING POC
KindEditor - 'name' Cross-Site Scripting
EIP-2026-108989 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - Remote Code Execution
EIP-2026-108988 EXPLOITDB text WRITEUP
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
EIP-2026-108987 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - Database Backup Disclosure
EIP-2026-108986 EXPLOITDB text WORKING POC
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
CVE-2010-5281 EXPLOITDB text WORKING POC
CMScout IBrowser TinyMCE Plugin < 1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107878 EXPLOITDB html WORKING POC
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
EIP-2026-107841 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107840 EXPLOITDB text WRITEUP
InfraPower PPS-02-S Q213V1 - Local File Disclosure
EIP-2026-107839 EXPLOITDB text WRITEUP
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
EIP-2026-107838 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery