Ahmet Gurel

4 exploits Active since Apr 2018
EIP-2026-105660 EXPLOITDB text WORKING POC
Business Networking Script 8.11 - SQL Injection / Cross-Site Scripting
CVE-2018-9163 EXPLOITDB MEDIUM text WORKING POC
Zohocorp Manageengine Recovery Manager Plus < 5.3 - XSS
A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do.
CVSS 5.4
CVE-2018-11538 EXPLOITDB HIGH text WORKING POC
Searchblox - CSRF
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
CVSS 8.8
CVE-2018-11586 EXPLOITDB CRITICAL text WORKING POC
Searchblox - SSRF
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS 9.8