Özkan Mustafa AKKUŞ

10 exploits Active since Jun 2019
CVE-2019-12840 NOMISEC HIGH WORKING POC
Webmin < 1.910 - OS Command Injection
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
4 stars
CVSS 8.8
CVE-2021-43339 EXPLOITDB HIGH ruby WORKING POC
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVSS 8.8
CVE-2022-22833 EXPLOITDB HIGH ruby WORKING POC
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
CVSS 7.5
CVE-2022-22832 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVSS 9.8
CVE-2021-3113 EXPLOITDB HIGH ruby WORKING POC
Netsia SEBA+ <0.16.1 build 70-e669dcd7 - Info Disclosure
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,
CVSS 7.5
CVE-2021-43338 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2022-22831 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa - Authentication Bypass
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
CVSS 9.8
CVE-2022-22832 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVSS 9.8
CVE-2022-22833 EXPLOITDB HIGH ruby WORKING POC
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
CVSS 7.5
CVE-2020-14930 EXPLOITDB HIGH text WORKING POC
BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
CVSS 8.1