Özkan Mustafa Akkuş (AkkuS) - Security Researcher

CVE-2018-19799 EXPLOITDB MEDIUM text WORKING POC

Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting via Export Datatoexport Parameter

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.

CVSS 6.1

View Code

EIP-2026-106720 EXPLOITDB text WORKING POC

easyLetters 1.0 - 'id' SQL Injection

View Code

EIP-2026-106695 EXPLOITDB text WORKING POC

Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting

View Code

EIP-2026-105590 EXPLOITDB text WORKING POC

BookingWizz Booking System 5.5 - 'id' SQL Injection

View Code

EIP-2026-105369 EXPLOITDB text WORKING POC

Baby Names Search Engine 1.0 - 'a' SQL Injection

View Code

EIP-2026-105055 EXPLOITDB text WORKING POC

Ajax Full Featured Calendar 2.0 - 'search' SQL Injection

View Code

EIP-2026-103304 EXPLOITDB text WORKING POC

NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection

View Code

CVE-2019-13597 EXPLOITDB CRITICAL python WORKING POC

Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile

_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.

CVSS 9.8

View Code

CVE-2018-20503 EXPLOITDB MEDIUM text WORKING POC

Allied Telesis 8100L/8 Firmware - Stored Cross-Site Scripting via IPv4 Interface Editor

Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.

CVSS 6.1

View Code