Han Sahin

12 exploits Active since Jan 2015
CVE-2015-6911 EXPLOITDB WORKING POC
Synology Video Station < 1.5-0757 - SQL Injection via id Parameter
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
CVE-2015-2682 EXPLOITDB text WRITEUP
Citrix Command Center <5.1-5.2 - Info Disclosure
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
EIP-2026-113923 EXPLOITDB text WORKING POC
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
EIP-2026-113527 EXPLOITDB text WRITEUP
WordPress Plugin Activity Log 2.3.1 - Persistent Cross-Site Scripting
EIP-2026-104599 EXPLOITDB text WRITEUP
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation
CVE-2016-0891 EXPLOITDB HIGH html WORKING POC
EMC ViPR SRM < 3.6.4 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
CVSS 8.8
EIP-2026-103372 EXPLOITDB text WORKING POC
HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation
CVE-2015-2838 EXPLOITDB text WORKING POC
Citrix NetScaler - Cross-Site Request Forgery via Nitro API
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
CVE-2015-2746 EXPLOITDB text WRITEUP
Websense TRITON 7.8.3 and V-Series < 7.8.4 - Authenticated Command Injection via CommandLineServlet
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.
CVE-2015-0516 EXPLOITDB text WRITEUP
EMC ViPR SRM < 3.6.1 and Watch4Net < 6.5u1 - Authenticated Path Traversal
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2015-0514 EXPLOITDB text WORKING POC
EMC Watch4Net < 6.5 and ViPR SRM < 3.6.0 - Unauthorized Exposure of Sensitive Credentials
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
CVE-2015-6912 EXPLOITDB text WORKING POC
Synology Video Station < 1.5-0757 - Remote Command Execution via Subtitle Codepage Parameter
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.