Mehmet Ince

176 exploits Active since Dec 2002
CVE-2021-21425 NOMISEC CRITICAL WORKING POC
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
1 stars
CVSS 9.3
CVE-2021-21425 NOMISEC CRITICAL WORKING POC
Grav Admin Plugin < 1.10.8 - Unauthenticated Arbitrary YAML Write via Administrator Controller
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
CVSS 9.3
CVE-2017-11392 METASPLOIT HIGH ruby WORKING POC
Trend Micro InterScan Messaging Security Virtual Appliance 9.0-9.1 - RCE via modTMCSS Proxy
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
CVSS 8.8
CVE-2020-8605 METASPLOIT HIGH ruby WORKING POC
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
CVSS 8.8
CVE-2017-7896 METASPLOIT MEDIUM ruby WORKING POC
Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Cross-Site Scripting
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVSS 6.1
CVE-2020-8604 METASPLOIT HIGH ruby WORKING POC
Trend Micro InterScan Web Security Virtual Appliance 6.5 - Path Traversal
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.
CVSS 7.5
CVE-2018-12465 METASPLOIT CRITICAL ruby WORKING POC
Micro Focus SMG <471 - Command Injection
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that used GWAVA product name (i.e. GWAVA 6.5).
CVSS 9.1
CVE-2026-22661 WRITEUP HIGH WRITEUP
prompts.chat Path Traversal via Skill File Handling
prompts.chat prior to commit 0f8d4c3 contains a path traversal vulnerability in skill file handling that allows attackers to write arbitrary files to the client system by crafting malicious ZIP archives with unsanitized filenames containing path traversal sequences. Attackers can exploit missing server-side filename validation to inject path traversal sequences ../ into skill file archives, which when extracted by vulnerable tools writing files outside the intended directory and overwriting shell initialization files to achieve code execution.
CVSS 8.1
CVE-2026-22662 WRITEUP MEDIUM WRITEUP
prompts.chat Blind SSRF via media-generate
prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-controlled inputImageUrl parameters. Attackers can exploit this vulnerability by sending POST requests to the /api/media-generate endpoint to probe internal networks, access internal services, and exfiltrate data through the upstream Wiro service without receiving direct response bodies.
CVSS 4.3
CVE-2026-22663 WRITEUP HIGH WRITEUP
prompts.chat Authorization Bypass Information Disclosure
prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing authorization checks to retrieve private prompt version history, change requests, examples, current content, and metadata including titles and descriptions exposed via HTML meta tags.
CVSS 7.5
CVE-2026-22665 WRITEUP HIGH WRITEUP
prompts.chat Identity Confusion via Case-Sensitive Username Handling
prompts.chat prior to commit 1464475, contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing attackers to create case-variant usernames that bypass uniqueness checks. Attackers can exploit non-deterministic username resolution to impersonate victim accounts, replace profile content on canonical URLs, and inject attacker-controlled metadata and content across the platform.
CVSS 8.1
CVE-2025-34102 EXPLOITDB CRITICAL ruby WORKING POC
CryptoLog PHP - Unauthenticated Remote Code Execution via SQL Injection and Command Injection
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
CVE-2025-34111 EXPLOITDB CRITICAL ruby WORKING POC
Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
CVSS 9.8
CVE-2021-47812 EXPLOITDB CRITICAL python WORKING POC
GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write and PHP Execution via Scheduler Endpoint
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
CVSS 9.8
CVE-2018-12464 EXPLOITDB CRITICAL ruby WORKING POC
Micro Focus Secure Messaging Gateway <471 - SQL Injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CVSS 10.0
CVE-2016-15044 EXPLOITDB CRITICAL ruby WORKING POC
Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
CVE-2007-2817 EXPLOITDB text WORKING POC
ol_bookmarks 0.7.4 - SQL Injection via id Parameter
SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-1481 EXPLOITDB text WORKING POC
WBBlog - SQL Injection via e_id Parameter
SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.
CVE-2007-1015 EXPLOITDB text WORKING POC
Aktueldownload Haber - SQL Injection
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2002-2217 EXPLOITDB text WORKING POC
Web Server Creator - Web Portal 0.1 - RCE
Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal (WSC-WebPortal) 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) l parameter to customize.php or the (2) pg parameter to index.php.
CVE-2004-1423 EXPLOITDB text WORKING POC
php-calendar < 0.10.1 - Remote Code Execution via phpc_root_path Parameter
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2025-34111 METASPLOIT CRITICAL ruby WORKING POC
Tiki Wiki CMS Groupware < 15.1 - Unauthenticated Arbitrary File Upload via ELFinder Connector
An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector (connector.minimal.php), which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The vulnerable component does not enforce file type validation, allowing attackers to craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at /vendor_extra/elfinder/.
CVSS 9.8
CVE-2017-11394 METASPLOIT CRITICAL ruby WORKING POC
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php T Parameter
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVSS 9.8
CVE-2018-7890 METASPLOIT CRITICAL ruby WORKING POC
Zoho ManageEngine Applications Manager <13.6 - Command Injection
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
CVSS 9.8
CVE-2020-10808 METASPLOIT HIGH ruby WORKING POC
VestaCP <0.9.8-26 - Command Injection
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.
CVSS 8.8