Canberk BOLAT

20 exploits. Active since Nov 2011.
CVE-2020-15568 NOMISEC CRITICAL WORKING POC
TerraMaster TOS <4.1.29 - Code Injection
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
3 stars
CVSS 9.8
EIP-2026-119174 EXPLOITDB ruby WORKING POC
Sunway Force Control SCADA 6.1 SP3 - 'httpsrv.exe' Remote Overflow
EIP-2026-114056 EXPLOITDB text WORKING POC
WordPress Plugin Simple:Press 4.3.0 - SQL Injection
CVE-2010-4970 EXPLOITDB text WORKING POC
Wiki Web Help 0.28 - SQL Injection
SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-113269 EXPLOITDB html WORKING POC
webERP 3.11.4 - Multiple Vulnerabilities
CVE-2012-5907 EXPLOITDB text WORKING POC
Tomatocart - Path Traversal
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
EIP-2026-110342 EXPLOITDB text WORKING POC
OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-109940 EXPLOITDB text WORKING POC
NinkoBB - Cross-Site Request Forgery
CVE-2013-4951 EXPLOITDB text WRITEUP
Mintboard 0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
EIP-2026-108042 EXPLOITDB text WORKING POC
Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-107509 EXPLOITDB text WRITEUP
Group Office - 'comment_id' SQL Injection
EIP-2026-107510 EXPLOITDB text WORKING POC
Group Office - Remote Command Execution
EIP-2026-106030 EXPLOITDB html WORKING POC
CMSQLite / CMySQLite 1.3 - Cross-Site Request Forgery
EIP-2026-105545 EXPLOITDB text WORKING POC
BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-105384 EXPLOITDB text WORKING POC
Banana Dance - Cross-Site Scripting / SQL Injection
EIP-2026-104660 EXPLOITDB text WRITEUP
PHP 5.3.3 - 'ibase_gen_id()' Off-by-One Overflow
EIP-2026-104914 EXPLOITDB text WRITEUP
Achievo 1.4.5 - Multiple Vulnerabilities (1)
CVE-2018-11586 EXPLOITDB CRITICAL text WORKING POC
Searchblox - SSRF
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS 9.8
EIP-2026-102455 EXPLOITDB text WRITEUP
Apache JackRabbit 2.0.0 - webapp XPath Injection
CVE-2018-11538 EXPLOITDB HIGH text WORKING POC
Searchblox - CSRF
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
CVSS 8.8