LiquidWorm

790 exploits Active since Jun 2006
EIP-2026-107731 EXPLOITDB text WRITEUP
IceHrm 7.1 - Multiple Vulnerabilities
EIP-2026-107815 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
EIP-2026-107814 EXPLOITDB text WORKING POC
ImpressPages CMS 3.6 - Arbitrary File Deletion
EIP-2026-107878 EXPLOITDB html WORKING POC
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
CVE-2011-5040 EXPLOITDB text WORKING POC
Infoproject Biznis Heroj - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
EIP-2026-107839 EXPLOITDB text WRITEUP
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
EIP-2026-107837 EXPLOITDB text WORKING POC
InfraPower PPS-02-S Q213V1 - Authentication Bypass
CVE-2010-5281 EXPLOITDB text WORKING POC
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-107160 EXPLOITDB text WORKING POC
FluxBB 1.5.3 - Multiple Vulnerabilities
CVE-2013-7368 EXPLOITDB text WORKING POC
Gnew 2013.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
CVE-2015-2680 EXPLOITDB text WORKING POC
Metalgenix Genixcms < 0.0.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
CVE-2013-2227 EXPLOITDB HIGH text WORKING POC
Glpi - Improper Input Validation
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
CVSS 7.5
EIP-2026-107354 EXPLOITDB text WRITEUP
GAzie 5.10 - 'Login' Multiple Vulnerabilities
CVE-2015-1424 EXPLOITDB text WORKING POC
Gecko CMS 2.2-2.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
EIP-2026-107043 EXPLOITDB text WORKING POC
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
EIP-2026-107142 EXPLOITDB html WORKING POC
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
EIP-2026-106965 EXPLOITDB text WRITEUP
Exponent CMS 0.97 - Multiple Vulnerabilities
EIP-2026-106987 EXPLOITDB python WORKING POC
EyeLock nano NXT 3.5 - Remote Code Execution
EIP-2026-106818 EXPLOITDB text WORKING POC
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 - Device Config Disclosure
EIP-2026-106986 EXPLOITDB text WORKING POC
EyeLock nano NXT 3.5 - Local File Disclosure
EIP-2026-106982 EXPLOITDB text WORKING POC
eXV2 CMS - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106490 EXPLOITDB text WORKING POC
DoceboLms 4.0.4 - 'index.php' Multiple HTML Injection Vulnerabilities
EIP-2026-106705 EXPLOITDB text WORKING POC
Easy!Appointments 1.2.1 - Cross-Site Scripting
EIP-2026-106451 EXPLOITDB text WORKING POC
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
EIP-2026-106564 EXPLOITDB html WORKING POC
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution