Ismail Tasdelen

76 exploits Active since Aug 2018
CVE-2018-17590 EXPLOITDB MEDIUM text WORKING POC
AirTies Air 5442 Firmware 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
CVSS 6.1
CVE-2018-17588 EXPLOITDB MEDIUM text WORKING POC
AirTies Air 5021 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
CVSS 6.1
CVE-2018-17587 EXPLOITDB MEDIUM text WORKING POC
AirTies Air 5750 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
CVSS 6.1
CVE-2018-17313 EXPLOITDB MEDIUM text WORKING POC
RICOH MP C307 Firmware - Stored Cross-Site Scripting via entryNameIn Parameter
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
CVSS 6.1
CVE-2019-25324 EXPLOITDB MEDIUM text WORKING POC
RICOH Web Image Monitor 1.09 - HTML Injection via Address Configuration CGI Script
RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.
CVSS 6.1
CVE-2019-25323 EXPLOITDB MEDIUM text WORKING POC
Heatmiser Netmonitor 3.03 - HTML Injection via outputtitle Parameter
Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and potentially manipulate the web interface's displayed content.
CVSS 6.1
CVE-2019-25322 EXPLOITDB HIGH text WRITEUP
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields.
CVSS 7.5
CVE-2019-25313 EXPLOITDB MEDIUM text WORKING POC
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery to Add Local Admin
FlexNet Publisher 11.12.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without authentication. Attackers can craft a malicious HTML form to trick authenticated users into submitting a request that creates a new local admin account with a predefined password.
CVSS 4.0
CVE-2019-19833 METASPLOIT MEDIUM ruby WORKING POC
Tautulli 2.1.9 - Cross-Site Request Forgery via /shutdown Endpoint
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
CVSS 6.5
EIP-2026-119443 EXPLOITDB text WORKING POC
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
CVE-2018-15740 EXPLOITDB MEDIUM text WORKING POC
ManageEngine ADManager Plus 6.5.7 - Stored Cross-Site Scripting in Workflow Delegation Requester Roles
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.
CVSS 6.1
CVE-2018-15608 EXPLOITDB MEDIUM text WORKING POC
ManageEngine ADManager Plus 6.5.7 - HTML Injection in AD Delegation Help Desk Technicians Screen
Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.
CVSS 6.1
CVE-2019-10226 EXPLOITDB MEDIUM text WORKING POC
Fat Free CRM v0.19.0 - HTML Injection
HTML Injection has been discovered in the v0.19.0 version of the Fat Free CRM product via an authenticated request to the /comments URI. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is a XSS protection mechanism.
CVSS 5.4
EIP-2026-114694 EXPLOITDB text WORKING POC
CAMALEON CMS 2.4 - Cross-Site Scripting
EIP-2026-114093 EXPLOITDB text WORKING POC
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
CVE-2018-18419 EXPLOITDB MEDIUM text WORKING POC
ARDAWAN.COM User Management 1.1 - Stored Cross-Site Scripting via Upload Filename
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
CVSS 5.4
EIP-2026-112464 EXPLOITDB text WORKING POC
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
EIP-2026-109228 EXPLOITDB text WORKING POC
LUYA CMS 1.0.12 - Cross-Site Scripting
CVE-2018-18416 EXPLOITDB MEDIUM text WORKING POC
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting via site_name Parameter
LANGO Codeigniter Multilingual Script 1.0 has XSS in the input and upload sections, as demonstrated by the site_name parameter to the admin/settings/update URI.
CVSS 4.8
EIP-2026-109108 EXPLOITDB text WRITEUP
Library CMS Powerful Book Management System 2.2.0 - Session Fixation
EIP-2026-109107 EXPLOITDB text WORKING POC
Library CMS 2.1.1 - Cross-Site Scripting
EIP-2026-107187 EXPLOITDB text WORKING POC
Fork CMS 5.4.0 - Cross-Site Scripting
CVE-2018-18417 EXPLOITDB MEDIUM text WORKING POC
Ekushey Project Manager CRM 3.1 - Stored Cross-Site Scripting via Client Name Parameter
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
CVSS 5.4
CVE-2019-9554 EXPLOITDB MEDIUM text WORKING POC
Craft CMS 3.1.12 Pro - Stored Cross-Site Scripting in Header Insertion Field
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
CVSS 6.1
EIP-2026-106041 EXPLOITDB text WORKING POC
Coaster CMS 5.5.0 - Cross-Site Scripting