Safak Aslan

4 exploits, active since Aug 2018
CVE-2018-25298 EXPLOITDB MEDIUM text WORKING POC
Merge PACS 7.0 Cross-Site Request Forgery via merge-viewer
Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit POST requests to /servlet/actions/merge-viewer/summary with login credentials to hijack user sessions and gain unauthorized access to the PACS system.
CVSS 5.3
CVE-2018-15138 EXPLOITDB HIGH text WORKING POC
Ericsson-LG iPECS NMS 30M - Path Traversal
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.
CVSS 7.5
CVE-2018-15137 EXPLOITDB CRITICAL text WORKING POC
CeLa Link CLR-M20 - RCE
CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which leads to remote code execution. Because of the WebDAV feature, arbitrary files can be uploaded using the PUT method.
CVSS 9.8
EIP-2026-102007 EXPLOITDB text WRITEUP
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change