Raif Berkay Dincel

6 exploits, active since Jul 2018
CVE-2020-37044 EXPLOITDB MEDIUM text WORKING POC
OpenCTI 3.3.1 - Reflected Cross-Site Scripting via GraphQL Endpoint
OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For example, a request to /graphql?'"--></style></scRipt><scRipt>alert('Raif_Berkay')</scRipt> will trigger an alert. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
CVSS 5.4
CVE-2020-37041 EXPLOITDB HIGH text WORKING POC
OpenCTI 3.3.1 - Unauthenticated Directory Traversal via Static CSS Endpoint
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
CVSS 7.5
CVE-2018-8738 EXPLOITDB MEDIUM text WORKING POC
Airties 5444 and 5444TT Firmware 1.0.0.18 - Cross-Site Scripting
Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS.
CVSS 6.1
CVE-2018-20418 EXPLOITDB MEDIUM text WORKING POC
Craft CMS 3.0.25 - Stored Cross-Site Scripting via Entry Title Field
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
CVSS 4.8
CVE-2018-19933 EXPLOITDB MEDIUM text WORKING POC
Bolt CMS < 3.6.2 - Stored Cross-Site Scripting via Title Field Preview
Bolt CMS before 3.6.2 allows XSS via a text input when the preview button is clicked, as demonstrated by the Title field of a Configured and New Entry.
CVSS 6.1
EIP-2026-101795 EXPLOITDB text WORKING POC
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal