EmreOvunc

20 exploits, active since May 2018
CVE-2018-11311 NOMISEC CRITICAL WRITEUP
mySCADA myPRO 7 - Use of Hard-coded Credentials in myscadagate.exe
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
12 stars
CVSS 9.1
CVE-2019-5893 NOMISEC CRITICAL WORKING POC
Nelson Open Source ERP 6.3.1 - SQL Injection via Query Parameter
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
5 stars
CVSS 9.8
CVE-2018-11517 NOMISEC MEDIUM WORKING POC
mySCADA myPRO 7 - Unauthenticated Exposure of Sensitive Information via ProjectID Enumeration
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
4 stars
CVSS 5.3
CVE-2018-12031 NOMISEC CRITICAL WORKING POC
Eaton Intelligent Power Manager <1.6 - Path Traversal
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
4 stars
CVSS 9.8
CVE-2019-12460 NOMISEC MEDIUM WORKING POC
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
3 stars
CVSS 6.1
CVE-2018-16133 WRITEUP MEDIUM WORKING POC
CyBroHttpServer 1.0.3 - Path Traversal via URI
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
CVSS 5.3
CVE-2018-16134 WRITEUP MEDIUM WORKING POC
CyBroHttpServer 1.0.3 - Cross-Site Scripting via URI
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
CVSS 6.1
CVE-2019-12460 WRITEUP MEDIUM WORKING POC
WebPort 1.19.1 - Cross-Site Scripting via Setup Type Parameter
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
CVSS 6.1
CVE-2019-12461 WRITEUP MEDIUM WORKING POC
WebPort 1.19.1 - Cross-Site Scripting via Log Type Parameter
Web Port 1.19.1 allows XSS via the /log type parameter.
CVSS 6.1
CVE-2019-12905 WRITEUP MEDIUM WORKING POC
FileRun 2019.05.21 - Cross-Site Scripting via Filename Upload Parameter
FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman&section=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
CVSS 6.1
CVE-2020-19360 WRITEUP HIGH WORKING POC
FHEM 6.0 - Local File Inclusion via FileLog_logWrapper File Parameter
Local file inclusion in FHEM 6.0 via the fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.
CVSS 7.5
CVE-2019-12457 WRITEUP MEDIUM WORKING POC
FileRun 2019.05.21 - Directory Listing in images/extjs
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2019-12458 WRITEUP MEDIUM WORKING POC
FileRun 2019.05.21 - Directory Listing via css/ext-ux
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2019-12459 WRITEUP MEDIUM WORKING POC
FileRun 2019.05.21 - Directory Listing in Audio Player Plugin
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2020-19361 WRITEUP MEDIUM WORKING POC
Medintux 2.16.000 - Reflected Cross-Site Scripting via CCAM.php mot1 Parameter
Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVSS 6.1
CVE-2020-19362 WRITEUP MEDIUM WORKING POC
vtiger CRM 7.2.0 - Reflected Cross-Site Scripting via View Parameter
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page.
CVSS 6.1
CVE-2020-19363 WRITEUP MEDIUM WORKING POC
vtiger CRM 7.2.0 - Unauthenticated Directory Listing via Libraries and Layout Endpoints
Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories.
CVSS 6.5
CVE-2020-19364 WRITEUP HIGH WORKING POC
OpenEMR 5.0.1 - Authenticated Unrestricted Upload of File with Dangerous Type via controller.php
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
CVSS 8.8
CVE-2020-23992 WRITEUP MEDIUM WORKING POC
Nagios XI 5.7.1 - Cross-Site Scripting via returnUrl Parameter
Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.
CVSS 6.1
CVE-2020-25385 WRITEUP MEDIUM WORKING POC
Nagios Log Server < 2.1.7 - Stored Cross-Site Scripting via Snapshot Name Parameter
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
CVSS 6.1