Mickael KARATEKIN

8 exploits Active since Jan 2018
CVE-2020-9359 GITHUB MEDIUM WRITEUP
KDE Okular < 1.10.0 - Code Injection
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
4 stars
CVSS 5.3
CVE-2017-7997 GITHUB CRITICAL WRITEUP
Gespage < 7.4.9 - SQL Injection
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
4 stars
CVSS 9.8
CVE-2017-7998 GITHUB MEDIUM WORKING POC
Gespage < 7.4.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp.
4 stars
CVSS 6.1
CVE-2018-13140 GITHUB HIGH WORKING POC
Druide Antidote 9 < 5.1 - Cleartext Transmission
Druide Antidote through 9.5.1 on Windows and Linux allows remote code execution through the update mechanism by leveraging use of HTTP to download installation packages.
4 stars
CVSS 8.1
CVE-2020-17363 GITHUB CRITICAL WRITEUP
USVN < 1.0.9 - RCE
USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution via shell metacharacters in the number_start or number_end parameter to LastHundredRequest (aka lasthundredrequestAction) in the Timeline module. NOTE: this may overlap CVE-2020-25069.
4 stars
CVSS 9.9
CVE-2020-17364 GITHUB MEDIUM WRITEUP
USVN < 1.0.9 - XSS
USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.
4 stars
CVSS 6.1
CVE-2020-9036 GITHUB MEDIUM WRITEUP
Jeedom < 4.0.38 - XSS
Jeedom through 4.0.38 allows XSS.
4 stars
CVSS 6.1
CVE-2017-7997 EXPLOITDB CRITICAL text WORKING POC
Gespage < 7.4.9 - SQL Injection
Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
CVSS 9.8