Metin Yunus Kandemir

37 exploits Active since Apr 2019
CVE-2021-3317 NOMISEC HIGH WORKING POC
klog_server < 2.4.1 - Authenticated OS Command Injection via async.php Source Parameter
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
2 stars
CVSS 8.8
CVE-2019-25647 EXPLOITDB HIGH python WORKING POC
PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager
PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them to establish reverse shell connections and execute system commands.
CVSS 8.8
CVE-2019-25452 EXPLOITDB HIGH text WORKING POC
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
CVSS 7.5
CVE-2019-25450 EXPLOITDB HIGH text WORKING POC
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
CVSS 7.5
CVE-2022-28987 WRITEUP MEDIUM WORKING POC
Zoho ManageEngine ADSelfService Plus <6.2.02 - Info Disclosure
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVSS 5.3
CVE-2023-48003 WRITEUP MEDIUM WRITEUP
Asp.Net Zero < 12.3.0 - Open Redirect via WebSocket Message HTML Injection
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
CVSS 6.1
CVE-2020-37144 EXPLOITDB MEDIUM text WORKING POC
Exagate Sysguard 6001 - Cross-Site Request Forgery via /kulyon.php Admin Account Creation
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without the victim's consent.
CVSS 5.3
CVE-2021-47904 EXPLOITDB HIGH python WORKING POC
PhreeBooks 5.2.3 - Authenticated RCE
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted file type uploads to gain command execution on the server.
CVSS 8.8
CVE-2021-47869 EXPLOITDB HIGH text WRITEUP
Brother BRAdmin Professional 3.75 - Local Privilege Escalation
Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious executable named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory to gain local system privileges.
CVSS 7.8
CVE-2021-47816 EXPLOITDB HIGH python WORKING POC
Thecus N4800Eco - Command Injection
Thecus N4800Eco NAS Server Control Panel contains a command injection vulnerability that allows authenticated attackers to execute arbitrary system commands through user management endpoints. Attackers can inject commands via username and batch user creation parameters to execute shell commands with administrative privileges.
CVSS 8.8
CVE-2021-26758 EXPLOITDB HIGH python WORKING POC
OpenLiteSpeed 1.7.8 - Privilege Escalation to Root via Command Injection
Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system.
CVSS 8.8
CVE-2021-47738 EXPLOITDB MEDIUM text WORKING POC
CSZ CMS 1.2.7 - Stored Cross-Site Scripting via Private Message User-Agent Header
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend dashboard.
CVSS 5.4
CVE-2021-47737 EXPLOITDB MEDIUM text WORKING POC
CSZ CMS 1.2.7 - Authenticated HTML Injection via Member Messaging System
CSZ CMS 1.2.7 contains an HTML injection vulnerability that allows authenticated users to insert malicious hyperlinks in message titles. Attackers can craft POST requests to the member messaging system with HTML-based links to potentially conduct phishing or social engineering attacks.
CVSS 5.4
CVE-2019-25264 EXPLOITDB MEDIUM text WORKING POC
Snipe-IT 4.7.5 - XSS
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
CVSS 6.4
CVE-2019-14427 EXPLOITDB MEDIUM text WORKING POC
WEB STUDIO Ultimate Loan Manager 2.0 - XSS
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code.
CVSS 6.1
CVE-2020-35729 METASPLOIT CRITICAL ruby WORKING POC
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
EIP-2026-119393 EXPLOITDB python WORKING POC
ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure
CVE-2022-29457 EXPLOITDB HIGH python WORKING POC
Zohocorp ManageEngine ADAudit Plus - NTLM Hash Disclosure
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVSS 8.8
EIP-2026-118756 EXPLOITDB python WORKING POC
ManageEngine ADSelfService Plus 6.1 - User Enumeration
CVE-2024-38200 EXPLOITDB MEDIUM WORKING POC
Microsoft 365 Apps and Office - Exposure of Sensitive Information via Spoofing
Microsoft Office Spoofing Vulnerability
CVSS 6.5
EIP-2026-117325 EXPLOITDB WORKING POC
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
EIP-2026-115296 EXPLOITDB python WORKING POC
Free SMTP Server 2.5 - Denial of Service (PoC)
EIP-2026-112030 EXPLOITDB python WORKING POC
Shopping Portal ProVersion 3.0 - Authentication Bypass
EIP-2026-110080 EXPLOITDB text WORKING POC
Online Course Registration 2.0 - Remote Code Execution
CVE-2019-13346 EXPLOITDB MEDIUM text WORKING POC
MyT 1.5.1 Username - Cross-Site Scripting
In MyT 1.5.1, the User[username] parameter has XSS.
CVSS 6.1