Emir Polat

10 exploits Active since Jul 2022
CVE-2022-31188 NOMISEC HIGH WORKING POC
CVAT <2.0.0 - SSRF
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
5 stars
CVSS 8.6
CVE-2022-36446 NOMISEC CRITICAL WORKING POC
Webmin <1.997 - XSS
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
2 stars
CVSS 9.8
CVE-2023-22515 METASPLOIT CRITICAL ruby WORKING POC
Atlassian Confluence Unauthenticated Remote Code Execution
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVSS 9.8
CVE-2023-27253 METASPLOIT HIGH ruby WORKING POC
Netgate pfSense <2.7.0 - Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
CVSS 8.8
CVE-2022-36446 METASPLOIT CRITICAL ruby WORKING POC
Webmin <1.997 - XSS
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-31188 EXPLOITDB HIGH text WORKING POC
CVAT <2.0.0 - SSRF
CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 8.6
CVE-2023-27253 EXPLOITDB HIGH ruby WORKING POC
Netgate pfSense <2.7.0 - Command Injection
A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.
CVSS 8.8
EIP-2026-104420 EXPLOITDB text WORKING POC
Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)
EIP-2026-104175 EXPLOITDB ruby WORKING POC
Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)
CVE-2022-36446 EXPLOITDB CRITICAL python WORKING POC
Webmin <1.997 - XSS
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8