Ahmet Ümit BAYRAM

106 exploits, active since Jun 2019
CVE-2023-53926 EXPLOITDB CRITICAL text WORKING POC
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.
CVSS 9.8
CVE-2023-53879 EXPLOITDB MEDIUM text WORKING POC
NVClient 5.0 - Buffer Overflow
NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing a denial of service condition.
CVSS 5.5
CVE-2023-53874 EXPLOITDB CRITICAL python WORKING POC
GOM Player <2.3.90.5360 - Buffer Overflow
GOM Player 2.3.90.5360 contains a buffer overflow vulnerability in the equalizer preset name input field that allows attackers to crash the application. Attackers can overwrite the preset name with 260 'A' characters to trigger a buffer overflow and cause application instability.
CVSS 9.8
CVE-2023-53872 EXPLOITDB CRITICAL python WORKING POC
Wp2Fac 1.0 - Command Injection
Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending them with '&' operators.
CVE-2023-43131 EXPLOITDB CRITICAL python WORKING POC
General Device Manager 2.5.2.2 - Buffer Overflow
General Device Manager 2.5.2.2 is vulnerable to a buffer overflow.
CVSS 9.8
CVE-2023-7327 EXPLOITDB HIGH text WORKING POC
Ozeki SMS Gateway <=10.3.208 - Path Traversal
Ozeki SMS Gateway versions up to and including 10.3.208 contain a path traversal vulnerability. Successful exploitation allows an unauthenticated attacker to use URL-encoded traversal sequences to read arbitrary files from the underlying filesystem with the privileges of the gateway service, leading to disclosure of sensitive information.
CVE-2020-37006 EXPLOITDB HIGH text WORKING POC
berliCRM 1.0.24 - SQL Injection
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information.
CVSS 8.2
CVE-2020-37002 EXPLOITDB CRITICAL python WORKING POC
Ajenti 2.1.36 - Command Injection
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.
CVSS 9.8
CVE-2019-25335 EXPLOITDB HIGH text WORKING POC
PRO-7070 1.0 - Auth Bypass
PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.
CVSS 7.5
EIP-2026-116690 EXPLOITDB WRITEUP
7 Sticky Notes v1.9 - OS Command Injection
EIP-2026-113454 EXPLOITDB text WRITEUP
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
EIP-2026-112632 EXPLOITDB text WORKING POC
The Company Business Website CMS - Multiple Vulnerabilities
EIP-2026-112642 EXPLOITDB text WORKING POC
The Shop v2.5 - SQL Injection
EIP-2026-112563 EXPLOITDB text WORKING POC
Taskhub CRM Tool 2.8.6 - SQL Injection
EIP-2026-112220 EXPLOITDB text WORKING POC
Small CRM 2.0 - 'email' SQL Injection
EIP-2026-112416 EXPLOITDB text WORKING POC
Stackposts Social Marketing Tool v1.0 - SQL Injection
EIP-2026-112311 EXPLOITDB python WORKING POC
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
EIP-2026-112234 EXPLOITDB text WORKING POC
Smart School v1.0 - SQL Injection
EIP-2026-111647 EXPLOITDB text WORKING POC
Quicklancer v1.0 - SQL Injection
EIP-2026-110427 EXPLOITDB text WORKING POC
OVOO Movie Portal CMS v3.3.3 - SQL Injection
EIP-2026-109571 EXPLOITDB python WORKING POC
Monstra CMS 3.0.4 - Remote Code Execution (RCE)
EIP-2026-109086 EXPLOITDB text WORKING POC
LeadPro CRM v1.0 - SQL Injection
EIP-2026-109087 EXPLOITDB text WORKING POC
Leafpub 1.1.9 - Stored Cross-Site Scripting (XSS)
EIP-2026-108116 EXPLOITDB text WORKING POC
Jobpilot v2.61 - SQL Injection
EIP-2026-107425 EXPLOITDB text WORKING POC
Global - Multi School Management System Express v1.0 - SQL Injection