Halil Dalabasmaz

12 exploits Active since Nov 2014
EIP-2026-117927 EXPLOITDB text WRITEUP
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
EIP-2026-117924 EXPLOITDB text WRITEUP
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
CVE-2014-9179 EXPLOITDB text WRITEUP
WordPress SupportEzzy Ticket System 1.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
CVE-2014-9516 EXPLOITDB text WRITEUP
Social Microblogging PRO 1.5 - XSS
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
EIP-2026-112001 EXPLOITDB text WRITEUP
Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities
CVE-2014-8954 EXPLOITDB text WRITEUP
phpSound 1.0.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php.
EIP-2026-109593 EXPLOITDB text WORKING POC
Mouse Media Script 1.6 - Persistent Cross-Site Scripting
CVE-2014-8997 EXPLOITDB text WRITEUP
DigitalVidhya Digi Online Examination System 2.0 - RCE
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.
EIP-2026-106234 EXPLOITDB text WRITEUP
Crea8Social 1.3 - Persistent Cross-Site Scripting
CVE-2015-2198 EXPLOITDB text WRITEUP
Beehive Forum - XSS
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
CVE-2014-100013 EXPLOITDB text WRITEUP
Clientresponse - XSS
Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.
EIP-2026-101268 EXPLOITDB text WRITEUP
Exagate WEBPack Management System - Multiple Vulnerabilities