Berk Cem Göksel

7 exploits Active since Oct 2017
CVE-2018-10286 EXPLOITDB HIGH python WORKING POC
Ericsson-LG iPECS NMS A.1Ac - Info Disclosure
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated.
CVSS 8.8
CVE-2018-10285 EXPLOITDB CRITICAL python WORKING POC
Ericsson-LG iPECS NMS A.1Ac - Auth Bypass
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
CVSS 9.8
CVE-2017-15222 EXPLOITDB CRITICAL python WORKING POC
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
CVSS 9.8
CVE-2018-12292 EXPLOITDB CRITICAL text WORKING POC
Pale Moon < 27.9.3 - Use-After-Free in DOMProxyHandler
A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3.
CVSS 9.8
EIP-2026-115086 EXPLOITDB python WORKING POC
Core FTP LE 2.2 - Buffer Overflow (PoC)
CVE-2017-15223 EXPLOITDB MEDIUM python WORKING POC
ArGoSoft Mini Mail Server < 1.0.0.2 - Denial of Service via Infinite Loop
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
CVSS 5.3
CVE-2018-9245 EXPLOITDB CRITICAL python WORKING POC
Ericsson-LG iPECS NMS A.1Ac - SQL Injection via Login Portal User ID and Password Fields
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
CVSS 9.8