Mickael KARATEKIN

8 exploits, active since Jan 2018
CVE-2020-9359 GITHUB MEDIUM WRITEUP
KDE Okular <1.10.0 - Code Injection
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
4 stars
CVSS 5.3
CVE-2017-7997 GITHUB CRITICAL WRITEUP
gespage < 7.4.9 - SQL Injection via show_prn or show_month Parameter
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
4 stars
CVSS 9.8
CVE-2017-7998 GITHUB MEDIUM WORKING POC
gespage < 7.4.9 - Stored Cross-Site Scripting via Printer Name or Username Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.
4 stars
CVSS 6.1
CVE-2018-13140 GITHUB HIGH WORKING POC
Druide Antidote < 5.1 - Remote Code Execution via Update Mechanism
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
4 stars
CVSS 8.1
CVE-2020-17363 GITHUB CRITICAL WRITEUP
USVN < 1.0.9 - Remote Code Execution via Timeline Module Parameters
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
4 stars
CVSS 9.9
CVE-2020-17364 GITHUB MEDIUM WRITEUP
USVN < 1.0.9 - Cross-Site Scripting via SVN Logs
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
4 stars
CVSS 6.1
CVE-2020-9036 GITHUB MEDIUM WRITEUP
Jeedom < 4.0.38 - Cross-Site Scripting
Jeedom through 4.0.38 allows XSS.
4 stars
CVSS 6.1
CVE-2017-7997 EXPLOITDB CRITICAL text WORKING POC
gespage < 7.4.9 - SQL Injection via show_prn or show_month Parameter
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
CVSS 9.8