Mehmet Ince

176 exploits, active since Dec 2002
CVE-2007-0684 EXPLOITDB text WORKING POC
Cerulean Portal System 0.7b - RCE
PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-2673 EXPLOITDB text WORKING POC
Censura <1.16.04 - SQL Injection
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.
CVE-2007-0809 EXPLOITDB perl WORKING POC
PHP <ptirhiikmods - RCE
PHP remote file inclusion vulnerability in includes/class_template.php in Categories hierarchy (aka CH or mod-CH) 2.1.2 in ptirhiikmods allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
EIP-2026-105614 EXPLOITDB text WORKING POC
bpautosales 1.0.1 - Cross-Site Scripting / SQL Injection
EIP-2026-105591 EXPLOITDB text WRITEUP
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
EIP-2026-105582 EXPLOITDB python WORKING POC
Bonefire 0.7.1 - Reinstall Admin Account
EIP-2026-105471 EXPLOITDB text WRITEUP
BigTree CMS 4.2.11 - SQL Injection
CVE-2016-8580 EXPLOITDB CRITICAL ruby WORKING POC
AlienVault OSSIM & USM <5.3.2 - Code Injection
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVSS 9.8
EIP-2026-105231 EXPLOITDB text WORKING POC
Ariadne 2.4 - store_config[code] Remote File Inclusion
EIP-2026-104721 EXPLOITDB ruby WORKING POC
Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)
CVE-2017-14143 EXPLOITDB CRITICAL ruby WORKING POC
Kaltura <13.2.0 - Code Injection
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
CVSS 9.8
CVE-2009-1946 EXPLOITDB text WORKING POC
AdaptBB 1.0 - RCE
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter.
CVE-2020-8605 EXPLOITDB HIGH ruby WORKING POC
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability.
CVSS 8.8
EIP-2026-104476 EXPLOITDB ruby WORKING POC
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
EIP-2026-104469 EXPLOITDB ruby WORKING POC
Trend Micro InterScan Messaging Security (Virtual Appliance) < 9.1.-1600 - Remote Code Execution (Metasploit)
EIP-2026-103271 EXPLOITDB ruby WORKING POC
DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)
EIP-2026-103223 EXPLOITDB ruby WORKING POC
SolarWinds LEM 6.3.1 - Remote Code Execution (Metasploit)
CVE-2017-16666 EXPLOITDB HIGH ruby WORKING POC
Xplico <1.2.1 - Authenticated RCE
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
CVSS 8.8
EIP-2026-102408 EXPLOITDB text WORKING POC
ManageEngine ADManager Plus 6.5.40 - Multiple Vulnerabilities
EIP-2026-102393 EXPLOITDB text WORKING POC
Liferay Portal < 7.0.4 - Server-Side Request Forgery
CVE-2018-7890 EXPLOITDB CRITICAL ruby WORKING POC
Zoho ManageEngine Applications Manager <13.6 - Command Injection
A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). The publicly accessible testCredential.do endpoint takes multiple user inputs and validates supplied credentials by accessing a specified system. This endpoint calls several internal classes, and then executes a PowerShell script. If the specified system is OfficeSharePointServer, then the username and password parameters to this script are not validated, leading to Command Injection.
CVSS 9.8
CVE-2007-1023 EXPLOITDB text WORKING POC
Snitz Forums 2000 3.1 SR4 - SQL Injection
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2007-0920 EXPLOITDB text WORKING POC
Philboard <1.14 - SQL Injection
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2007-1058 EXPLOITDB text WORKING POC
Online Web Building 2.0 - SQL Injection
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
CVE-2007-1016 EXPLOITDB text WORKING POC
Aktueldownload Haber script - SQL Injection
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.