LiquidWorm

790 exploits Active since Jun 2006
EIP-2026-107838 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
EIP-2026-107837 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Authentication Bypass
CVE-2011-5040 EXPLOITDB text WORKING POC
Infoproject Biznis Heroj - Stored Cross-Site Scripting via config Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
EIP-2026-107815 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
EIP-2026-107814 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Arbitrary File Deletion
EIP-2026-107813 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
EIP-2026-107802 EXPLOITDB text WORKING POC
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
EIP-2026-107801 EXPLOITDB text WORKING POC
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
EIP-2026-107731 EXPLOITDB text WRITEUP
IceHrm 7.1 - Multiple Vulnerabilities
CVE-2013-7368 EXPLOITDB text WORKING POC
Gnew 2013.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
CVE-2013-2227 EXPLOITDB HIGH text WORKING POC
GLPI 0.83.7 - Local File Inclusion via common.tabs.php
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
CVSS 7.5
CVE-2015-2680 EXPLOITDB text WORKING POC
GeniXCMS < 0.0.2 - Cross-Site Request Forgery via Administrator Account Addition
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
CVE-2015-1424 EXPLOITDB text WORKING POC
Gecko CMS 2.2-2.3 - Cross-Site Request Forgery via Admin User Creation
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
EIP-2026-107354 EXPLOITDB text WRITEUP
GAzie 5.10 - 'Login' Multiple Vulnerabilities
EIP-2026-107160 EXPLOITDB text WORKING POC
FluxBB 1.5.3 - Multiple Vulnerabilities
EIP-2026-106818 EXPLOITDB text WORKING POC
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
EIP-2026-107142 EXPLOITDB html WORKING POC
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
EIP-2026-107043 EXPLOITDB text WORKING POC
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
EIP-2026-106987 EXPLOITDB python WORKING POC
EyeLock nano NXT 3.5 - Remote Code Execution
EIP-2026-106986 EXPLOITDB text WORKING POC
EyeLock nano NXT 3.5 - Local File Disclosure
EIP-2026-106982 EXPLOITDB text WORKING POC
eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106965 EXPLOITDB text WRITEUP
Exponent CMS 0.97 - Multiple Vulnerabilities
EIP-2026-106490 EXPLOITDB text WORKING POC
DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities
EIP-2026-106705 EXPLOITDB text WORKING POC
Easy!Appointments 1.2.1 - Cross-Site Scripting
EIP-2026-106564 EXPLOITDB html WORKING POC
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution