Berk Dusunur

20 exploits, active since Mar 2018
CVE-2020-37057 EXPLOITDB HIGH text WORKING POC
Online-Exam-System 2015 - SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information.
CVSS 8.2
CVE-2021-41487 EXPLOITDB CRITICAL text WORKING POC
Nokia VitalSuite - SQL Injection
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName.
CVSS 9.8
CVE-2018-18822 EXPLOITDB CRITICAL text WORKING POC
Grapixel New Media - SQL Injection
Grapixel New Media v2.0 allows SQL Injection via the pages.aspx pageref parameter.
CVSS 9.8
CVE-2018-12984 EXPLOITDB CRITICAL text WORKING POC
Hycus CMS - Authentication Bypass
Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials.
CVSS 9.8
CVE-2018-14933 EXPLOITDB CRITICAL text WORKING POC
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
CVE-2018-14012 EXPLOITDB CRITICAL text WORKING POC
WolfSight CMS 3.2 - SQL Injection
WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.
CVSS 9.8
CVE-2018-12689 EXPLOITDB CRITICAL text WORKING POC
phpLDAPadmin 1.2.2 - LDAP Injection
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
CVSS 9.8
CVE-2018-12632 EXPLOITDB MEDIUM text WORKING POC
Redatam7 - Info Disclosure
Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI.
CVSS 5.3
CVE-2018-12631 EXPLOITDB HIGH text WORKING POC
Redatam7 - Path Traversal
Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal.
CVSS 7.5
CVE-2018-12630 EXPLOITDB CRITICAL text WORKING POC
NEWMARK NMCMS 2.1 - SQL Injection
NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI.
CVSS 9.8
CVE-2018-11227 EXPLOITDB MEDIUM text WORKING POC
Monstra CMS < 3.0.4 - XSS
Monstra CMS 3.0.4 and earlier has XSS via index.php.
CVSS 6.1
CVE-2018-14933 METASPLOIT CRITICAL ruby WORKING POC
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
EIP-2026-119413 EXPLOITDB text WORKING POC
PCViewer vt1000 - Directory Traversal
CVE-2018-7719 EXPLOITDB HIGH text WORKING POC
Acrolinx Server <5.2.5 - Path Traversal
Acrolinx Server before 5.2.5 on Windows allows Directory Traversal.
CVSS 7.5
EIP-2026-114600 EXPLOITDB text WORKING POC
Zenar Content Management System - Cross-Site Scripting
EIP-2026-113846 EXPLOITDB text WORKING POC
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
CVE-2018-14933 EXPLOITDB CRITICAL ruby WORKING POC
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
EIP-2026-103325 EXPLOITDB text WORKING POC
Synology DiskStation Manager 4.1 - Directory Traversal
EIP-2026-102391 EXPLOITDB text WORKING POC
Liferay CE Portal 6.0.2 - Remote Command Execution
EIP-2026-101758 EXPLOITDB text WORKING POC
GeoVision GV-SNVR0811 - Directory Traversal