EmreOvunc

14 exploits, active since May 2018
CVE-2018-11311 NOMISEC CRITICAL WRITEUP
Myscada Mypro - Hard-coded Credentials
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
12 stars
CVSS 9.1
CVE-2019-5893 NOMISEC CRITICAL WORKING POC
Nelson-it Open Source Erp - SQL Injection
Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.
5 stars
CVSS 9.8
CVE-2018-11517 NOMISEC MEDIUM WORKING POC
Myscada Mypro - Information Disclosure
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
4 stars
CVSS 5.3
CVE-2018-12031 NOMISEC CRITICAL WORKING POC
Eaton Intelligent Power Manager <1.6 - Path Traversal
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action.
4 stars
CVSS 9.8
CVE-2019-12460 NOMISEC MEDIUM WORKING POC
Webport Web Port - XSS
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
3 stars
CVSS 6.1
CVE-2019-12457 WRITEUP MEDIUM WORKING POC
Afian Filerun < 2019.06.01 - Path Traversal
FileRun 2019.05.21 allows images/extjs Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2019-12458 WRITEUP MEDIUM WORKING POC
Afian Filerun < 2019.06.01 - Path Traversal
FileRun 2019.05.21 allows css/ext-ux Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2019-12459 WRITEUP MEDIUM WORKING POC
Afian Filerun < 2019.06.01 - Path Traversal
FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. This issue has been fixed in FileRun 2019.06.01.
CVSS 5.3
CVE-2020-19361 WRITEUP MEDIUM WORKING POC
Medintux - XSS
Reflected XSS in Medintux v2.16.000 CCAM.php via the mot1 parameter can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page.
CVSS 6.1
CVE-2020-19362 WRITEUP MEDIUM WORKING POC
Vtiger Crm - XSS
Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page.
CVSS 6.1
CVE-2020-19363 WRITEUP MEDIUM WORKING POC
Vtiger Crm - Information Disclosure
Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories.
CVSS 6.5
CVE-2020-19364 WRITEUP HIGH WORKING POC
Open-emr Openemr - Unrestricted File Upload
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
CVSS 8.8
CVE-2020-23992 WRITEUP MEDIUM WORKING POC
Nagios XI 5.7.1 - XSS
Cross-site scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via the returnUrl parameter in a crafted GET request.
CVSS 6.1
CVE-2020-25385 WRITEUP MEDIUM WORKING POC
Nagios Log Server < 2.1.7 - XSS
Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a maliciously crafted link or third-party web page.
CVSS 6.1