Berk Dusunur

20 exploits Active since Mar 2018
CVE-2018-25365 EXPLOITDB HIGH text WORKING POC
PCViewer vt1000 Directory Traversal via GET Request
PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use a path traversal sequence such as ../../../../../../../../../../../../etc/passwd to access sensitive system files outside the intended directory.
CVSS 7.5
CVE-2018-25331 EXPLOITDB MEDIUM text WORKING POC
Zenar Content Management System Cross-Site Scripting via ajax.php
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script tags through the current_page parameter sent to the ajax.php endpoint, which reflects unsanitized user input in the response HTML, so that arbitrary JavaScript executes in victim browsers.
CVSS 6.1
CVE-2020-37057 EXPLOITDB HIGH text WORKING POC
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
CVSS 8.2
CVE-2021-41487 EXPLOITDB CRITICAL text WORKING POC
NOKIA VitalSuite SPM 2020 - SQL Injection via UserName Parameter
NOKIA VitalSuite SPM 2020 is affected by SQL injection through the UserName parameter.
CVSS 9.8
CVE-2018-18822 EXPLOITDB CRITICAL text WORKING POC
Grapixel New Media v2.0 - SQL Injection via pages.aspx pageref Parameter
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVSS 9.8
CVE-2018-12984 EXPLOITDB CRITICAL text WORKING POC
Hycus CMS 1.0.4 - Authentication Bypass via '=' 'OR' Credentials
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
CVSS 9.8
CVE-2018-14933 EXPLOITDB CRITICAL text WORKING POC
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
CVE-2018-14012 EXPLOITDB CRITICAL text WORKING POC
WolfSight CMS 3.2 - SQL Injection via PATH_INFO
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
CVSS 9.8
CVE-2018-12689 EXPLOITDB CRITICAL text WORKING POC
phpLDAPadmin 1.2.2 - LDAP Injection via Login Form Parameters
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVSS 9.8
CVE-2018-12632 EXPLOITDB MEDIUM text WORKING POC
Redatam < 7 - Information Disclosure via Invalid LFN Parameter
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
CVSS 5.3
CVE-2018-12631 EXPLOITDB HIGH text WORKING POC
Redatam < 7 - Unauthenticated Path Traversal via LFN Parameter
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
CVSS 7.5
CVE-2018-12630 EXPLOITDB CRITICAL text WORKING POC
nmark NMCMS 2.1 - SQL Injection via sect_id Parameter
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVSS 9.8
CVE-2018-11227 EXPLOITDB MEDIUM text WORKING POC
Monstra CMS < 3.0.4 - Cross-Site Scripting via index.php
Monstra CMS 3.0.4 and earlier has XSS via index.php.
CVSS 6.1
CVE-2018-14933 METASPLOIT CRITICAL ruby WORKING POC
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
CVE-2018-7719 EXPLOITDB HIGH text WORKING POC
Acrolinx Server < 5.2.5 - Path Traversal
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
CVSS 7.5
EIP-2026-113846 EXPLOITDB text WORKING POC
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
CVE-2018-14933 EXPLOITDB CRITICAL ruby WORKING POC
NUUO NVRmini Firmware - Remote Command Execution via uploaddir Parameter
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
EIP-2026-103325 EXPLOITDB text WORKING POC
Synology DiskStation Manager 4.1 - Directory Traversal
EIP-2026-102391 EXPLOITDB text WORKING POC
Liferay CE Portal 6.0.2 - Remote Command Execution
EIP-2026-101758 EXPLOITDB text WORKING POC
GeoVision GV-SNVR0811 - Directory Traversal