Ahmet Gurel - Security Researcher - Exploit Intelligence Platform

EIP-2026-105660 EXPLOITDB text WORKING POC

Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting

View Code

CVE-2018-9163 EXPLOITDB MEDIUM text WORKING POC

ManageEngine Recovery Manager Plus < 5.3 - Stored XSS via technicianAction.do loginName

A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.

CVSS 5.4

View Code

CVE-2018-11538 EXPLOITDB HIGH text WORKING POC

Searchblox - Cross-Site Request Forgery

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

CVSS 8.8

View Code

CVE-2018-11586 EXPLOITDB CRITICAL text WORKING POC

SearchBlox 8.6.7 - Unauthenticated XML External Entity Injection via REST API Status Endpoint

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

CVSS 9.8

View Code