LiquidWorm

790 exploits Active since Jun 2006
EIP-2026-106495 EXPLOITDB html WORKING POC
docuFORM Mercury WebApp 6.16a/5.20 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-106491 EXPLOITDB text WORKING POC
DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-106451 EXPLOITDB text WORKING POC
Digital Scribe 1.5 - register_form()' Multiple POST Cross-Site Scripting Vulnerabilities
EIP-2026-106178 EXPLOITDB text WORKING POC
cotonti CMS 0.9.4 - Multiple Vulnerabilities
EIP-2026-106275 EXPLOITDB text WORKING POC
cultbooking 2.0.4 - Multiple Vulnerabilities
CVE-2013-3535 EXPLOITDB python WORKING POC
Themelogik Cmslogik - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
CVE-2014-8577 EXPLOITDB text WORKING POC
Croogo < 2.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Croogo before 2.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Contact][title] parameter to admin/contacts/contacts/add page; (2) data[Block][title] or (3) data[Block][alias] parameter to admin/blocks/blocks/edit page; (4) data[Region][title] parameter to admin/blocks/regions/add page; (5) data[Menu][title] or (6) data[Menu][alias] parameter to admin/menus/menus/add page; or (7) data[Link][title] parameter to admin/menus/links/add/menu page.
EIP-2026-106241 EXPLOITDB python WORKING POC
Croogo 2.0.0 - Arbitrary PHP Code Execution
CVE-2014-10035 EXPLOITDB text WORKING POC
Couponphp < 1.1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php.
EIP-2026-106136 EXPLOITDB text WORKING POC
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
EIP-2026-105705 EXPLOITDB text WRITEUP
Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities
EIP-2026-105785 EXPLOITDB text WORKING POC
Centreon 2.6.1 - Multiple Vulnerabilities
EIP-2026-105763 EXPLOITDB text WORKING POC
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
EIP-2026-105753 EXPLOITDB text WORKING POC
Cart Engine 3.0.0 - Remote Code Execution
EIP-2026-105752 EXPLOITDB text WORKING POC
Cart Engine 3.0.0 - Database Backup Disclosure
EIP-2026-105751 EXPLOITDB text WORKING POC
Cart Engine 3.0.0 - 'task.php' Local File Inclusion
EIP-2026-105612 EXPLOITDB text WORKING POC
BoxBilling 3.6.11 - 'mod_notification' Persistent Cross-Site Scripting
EIP-2026-105460 EXPLOITDB html WORKING POC
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
CVE-2015-5530 EXPLOITDB text WORKING POC
Free Reprintables ArticleFR 3.0.6 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
EIP-2026-105381 EXPLOITDB html WORKING POC
Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities
EIP-2026-105380 EXPLOITDB text WORKING POC
Balero CMS 0.7.2 - Multiple Blind SQL Injections
CVE-2012-2911 EXPLOITDB text WORKING POC
SiliSoftware backupDB <1.2.7a - XSS
Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter.
CVE-2012-3838 EXPLOITDB text WORKING POC
Babygekko Baby Gekko < 1.1.5 - Information Disclosure
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
EIP-2026-105290 EXPLOITDB text WORKING POC
ATutor 2.0.2 - Multiple Vulnerabilities
CVE-2012-2905 EXPLOITDB text WORKING POC
Artiphp CMS 5.5.0 Neo - Info Disclosure
Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request.