Mehmet Ince

176 exploits, active since Dec 2002
CVE-2020-8606 METASPLOIT CRITICAL ruby WORKING POC
Trend Micro InterScan Web Security Virtual Appliance 6.5 - Auth Bypass
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.
CVSS 9.8
CVE-2017-16666 METASPLOIT HIGH ruby WORKING POC
Xplico <1.2.1 - Authenticated RCE
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
CVSS 8.8
CVE-2018-20323 METASPLOIT HIGH ruby WORKING POC
MailCleaner CE 2018.08 - RCE
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
CVSS 8.8
CVE-2016-15044 METASPLOIT CRITICAL ruby WORKING POC
Kaltura <11.1.0-2 - Code Injection
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
CVE-2018-12464 METASPLOIT CRITICAL ruby WORKING POC
Micro Focus Secure Messaging Gateway <471 - SQL Injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5).
CVSS 10.0
CVE-2017-11391 METASPLOIT HIGH ruby WORKING POC
Trendmicro Interscan Messaging Securi... - Command Injection
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4744.
CVSS 8.8
CVE-2025-34102 METASPLOIT CRITICAL ruby WORKING POC
CryptoLog PHP - RCE
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
CVE-2017-6398 METASPLOIT HIGH ruby WORKING POC
Trendmicro Interscan Messaging Securi... - OS Command Injection
An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it.
CVSS 8.8
CVE-2021-21425 METASPLOIT CRITICAL ruby WORKING POC
Getgrav Grav-plugin-admin < 1.10.8 - Improper Access Control
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
CVSS 9.3
CVE-2016-8582 METASPLOIT CRITICAL ruby WORKING POC
AlienVault OSSIM & USM <5.3.2 - SQL Injection
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
CVSS 9.8
CVE-2017-6326 METASPLOIT CRITICAL ruby WORKING POC
Symantec Messaging Gateway < 10.6.3 - Remote Code Execution
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
CVSS 10.0
CVE-2024-5721 METASPLOIT HIGH ruby WORKING POC
Logsign Unified Secops Platform < 6.4.8 - Missing Authentication
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169.
CVSS 8.1
CVE-2017-7722 METASPLOIT CRITICAL ruby WORKING POC
SolarWinds LEM <6.3.1 Hotfix 4 - RCE
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
CVSS 10.0
CVE-2017-14143 METASPLOIT CRITICAL ruby WORKING POC
Kaltura <13.2.0 - Code Injection
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
CVSS 9.8
CVE-2017-14706 METASPLOIT CRITICAL ruby WORKING POC
DenyAll WAF <6.4.1 - Info Disclosure
DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments.
CVSS 9.8
CVE-2006-4036 EXPLOITDB text WORKING POC
ZoneMetrics ZoneX Publishers Gold Edition <1.0.3 - RCE
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2017-6326 EXPLOITDB CRITICAL ruby WORKING POC
Symantec Messaging Gateway < 10.6.3 - Remote Code Execution
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.
CVSS 10.0
EIP-2026-114670 EXPLOITDB ruby WORKING POC
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
EIP-2026-114671 EXPLOITDB ruby WORKING POC
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
CVE-2007-2543 EXPLOITDB text WORKING POC
Flashgames 1.0.1 - SQL Injection
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
CVE-2007-2571 EXPLOITDB text WORKING POC
wfquotes 1.0 - SQL Injection
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
CVE-2012-6506 EXPLOITDB text WRITEUP
Zingiri Web Shop - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php.
CVE-2007-0561 EXPLOITDB perl WORKING POC
Xero Portal 1.2 - RCE
Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) admin_linkdb.php, (2) admin_forum_prune.php, (3) admin_extensions.php, (4) admin_board.php, (5) admin_attachments.php, or (6) admin_users.php in admin/.
EIP-2026-114296 EXPLOITDB text WORKING POC
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
CVE-2006-6863 EXPLOITDB CRITICAL text WORKING POC
Enigma2 < - RCE
PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
CVSS 9.8