Emre ÖVÜNÇ

15 exploits Active since May 2018
CVE-2019-14322 NOMISEC HIGH SCANNER
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
CVE-2018-16133 EXPLOITDB MEDIUM text WORKING POC
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
CVSS 5.3
CVE-2018-16134 EXPLOITDB MEDIUM text WORKING POC
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVSS 6.1
CVE-2019-14322 EXPLOITDB HIGH python WORKING POC
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
CVE-2019-12460 EXPLOITDB MEDIUM text WORKING POC
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
CVSS 6.1
EIP-2026-110465 EXPLOITDB text WORKING POC
PandoraFMS NG747 7.0 - 'filename' Persistent Cross-Site Scripting
EIP-2026-110293 EXPLOITDB text WORKING POC
OpenEMR 5.0.1 - 'controller' Remote Code Execution
EIP-2026-107079 EXPLOITDB text WORKING POC
FHEM 6.0 - Local File Inclusion
EIP-2026-104366 EXPLOITDB text WORKING POC
Odoo 12.0 - Local File Inclusion
CVE-2019-12461 EXPLOITDB MEDIUM text WORKING POC
WebPort 1.19.1 - Cross-Site Scripting via Log Type Parameter
Web Port 1.19.1 allows XSS via the /log type parameter.
CVSS 6.1
CVE-2019-5893 EXPLOITDB CRITICAL text WORKING POC
Nelson Open Source ERP 6.3.1 - SQL Injection via Query Parameter
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
CVSS 9.8
EIP-2026-104348 EXPLOITDB text WORKING POC
Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting
CVE-2019-12905 EXPLOITDB MEDIUM text WORKING POC
FileRun 2019.05.21 - Cross-Site Scripting via Filename Upload Parameter
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
CVSS 6.1
EIP-2026-101676 EXPLOITDB text WORKING POC
Eaton Intelligent Power Manager 1.6 - Directory Traversal
CVE-2018-11311 EXPLOITDB CRITICAL text WORKING POC
mySCADA myPRO 7 - Use of Hard-coded Credentials in myscadagate.exe
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVSS 9.1