Metin Yunus Kandemir

37 exploits, active since Apr 2019
CVE-2021-3317 EXPLOITDB HIGH python WORKING POC
klog_server < 2.4.1 - Authenticated OS Command Injection via async.php Source Parameter
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVSS 8.8
CVE-2020-35729 EXPLOITDB CRITICAL ruby WORKING POC
klog_server 2.4.1 - OS Command Injection via User Parameter
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
CVSS 9.8
EIP-2026-107621 EXPLOITDB python WORKING POC
Hospital Management System 4.0 - Authentication Bypass
CVE-2019-16197 EXPLOITDB MEDIUM text WORKING POC
Dolibarr < 10.0.2 - Stored Cross-Site Scripting via User-Agent Header
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
CVSS 6.1
CVE-2019-11354 EXPLOITDB HIGH text WORKING POC
EA Origin 10.5.36 - Remote Code Execution via Origin2 URI Handler Template Injection
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
CVSS 7.8
EIP-2026-106107 EXPLOITDB python WORKING POC
Complaint Management System 4.0 - Remote Code Execution
EIP-2026-104321 EXPLOITDB python WORKING POC
ManageEngine ADSelfService Plus 6.1 - CSV Injection
CVE-2024-24409 EXPLOITDB HIGH text WRITEUP
ManageEngine ADManager Plus <= 7203 - Privilege Escalation via Modify Computers Option
Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.
CVSS 8.8
EIP-2026-104205 EXPLOITDB text SCANNER
Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated)
CVE-2020-15046 EXPLOITDB HIGH text WORKING POC
Supermicro X10DRH-iT BIOS 2.0a and IPMI Firmware 03.40 - Cross-Site Request Forgery via cgi/config_user.cgi
The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88.
CVSS 8.8
EIP-2026-101972 EXPLOITDB python WORKING POC
Seagate BlackArmor NAS sg2000-2000.1331 - Command Injection