AkkuS <Özkan Mustafa Akkuş>

28 exploits, active since Jan 2019
CVE-2019-11445 EXPLOITDB HIGH ruby WORKING POC
OpenKM 6.3.2-6.3.7 - Unauthenticated Remote Code Execution via JSP File Upload
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
CVSS 7.2
EIP-2026-101415 EXPLOITDB ruby WORKING POC
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
CVE-2019-9624 EXPLOITDB HIGH ruby WORKING POC
Webmin 1.900 - Remote Code Execution via Upload and Download Privilege Abuse
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
CVSS 7.8