Metin Yunus Kandemir

37 exploits, active since Apr 2019
CVE-2021-3317 EXPLOITDB HIGH python WORKING POC
Klogserver Klog Server < 2.4.1 - OS Command Injection
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVSS 8.8
CVE-2020-35729 EXPLOITDB CRITICAL ruby WORKING POC
Klogserver Klog Server - OS Command Injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
EIP-2026-107621 EXPLOITDB python WORKING POC
Hospital Management System 4.0 - Authentication Bypass
CVE-2019-16197 EXPLOITDB MEDIUM text WORKING POC
Dolibarr 10.0.1 - XSS
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
CVSS 6.1
CVE-2019-11354 EXPLOITDB HIGH text WORKING POC
Origin 10.5.36 - RCE
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
CVSS 7.8
EIP-2026-106107 EXPLOITDB python WORKING POC
Complaint Management System 4.0 - Remote Code Execution
EIP-2026-104321 EXPLOITDB python WORKING POC
ManageEngine ADSelfService Plus 6.1 - CSV Injection
CVE-2024-24409 EXPLOITDB HIGH text WRITEUP
Zohocorp Manageengine Admanager Plus - Improper Privilege Management
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
CVSS 8.8
EIP-2026-104205 EXPLOITDB text SCANNER
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
CVE-2020-15046 EXPLOITDB HIGH text WORKING POC
Supermicro X10DRH-iT - CSRF
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
CVSS 8.8
EIP-2026-101972 EXPLOITDB python WORKING POC
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection