Raif Berkay Dincel

6 exploits Active since Jul 2018
CVE-2020-37044 EXPLOITDB MEDIUM text WORKING POC
OpenCTI 3.3.1 - XSS
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
CVSS 5.4
CVE-2020-37041 EXPLOITDB HIGH text WORKING POC
OpenCTI 3.3.1 - Path Traversal
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
CVSS 7.5
CVE-2018-8738 EXPLOITDB MEDIUM text WORKING POC
Airties 5444 <1.0.0.18 - XSS
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
CVSS 6.1
CVE-2018-20418 EXPLOITDB MEDIUM text WORKING POC
Craft CMS - XSS
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
CVSS 4.8
CVE-2018-19933 EXPLOITDB MEDIUM text WORKING POC
Bolt CMS <3.6.2 - XSS
Bolt CMS before 3.6.2 allows XSS via a text input when the preview button is clicked, as demonstrated by the Title field of a Configured and New Entry.
CVSS 6.1
EIP-2026-101795 EXPLOITDB text WORKING POC
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal