what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 29 RSS Feed

Files from Metin Yunus Kandemir

First Active2019-04-03
Last Active2022-05-11
ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure
Posted May 11, 2022
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus build 6118 suffers from an NTLMv2 hash exposure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2022-29457
SHA-256 | f42a82f890c3591b725d59a439ef11e7ca7de7237e5ed593bd8a81bf354e0e19
ManageEngine ADSelfService Plus 6.1 User Enumeration
Posted Apr 19, 2022
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a user enumeration vulnerability.

tags | exploit
SHA-256 | eb9a81d41b9726f90f1a950f6c1fd4f1b49ee04e2d812c1fb2175672b960b945
Abusing LAPS
Posted Jan 19, 2022
Authored by Metin Yunus Kandemir

Whitepaper that explains a misconfiguration based flaw about Local Administrator Password Solution.

tags | paper, local
SHA-256 | afd186867562453b4d7f00ad96270e7a4c5c6b2facd655ef9e4e3c6d602fb576
Seagate BlackArmor NAS sg2000-2000.1331 Command Injection
Posted Jul 16, 2021
Authored by Metin Yunus Kandemir

Seagate BlackArmor NAS version sg2000-2000.1331 remote command injection exploit.

tags | exploit, remote
SHA-256 | 9a7285a69805f1136bd7054963d9148897967e805a6a67a1cd1ffbf3c3dc7172
Thecus N4800Eco Command Injection
Posted Jun 2, 2021
Authored by Metin Yunus Kandemir

Thecus N4800Eco NAS server control panel suffers from a command injection vulnerability.

tags | exploit
SHA-256 | d7870fac7e6397017a08b261b256c7b60acc08e3f5738cb24318e34a48335819
ManageEngine ADSelfService Plus 6.1 CSV Injection
Posted May 19, 2021
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | 685e14de90f446d314247608c72480994fb1618eb955e9fa368d505ba1cfb3f7
BRAdmin Professional 3.75 Unquoted Service Path
Posted Mar 19, 2021
Authored by Metin Yunus Kandemir

BRAdmin Professional version 3.75 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 3beb108939a4de6047c2b0d5853c1c309a64fe01ffab40efff973d2695853137
Klog Server 2.4.1 Command Injection
Posted Feb 15, 2021
Authored by Brendan Coles, Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

tags | exploit, web, arbitrary, php
advisories | CVE-2020-35729
SHA-256 | 5ec6676b8d5b72c304f3f383a6b3a1bbcb4df27ceff247690cd2cd511bbf75bb
Openlitespeed WebServer 1.7.8 Command Injection
Posted Feb 11, 2021
Authored by Metin Yunus Kandemir

Openlitespeed WebServer version 1.7.8 remote command injection exploit. Original discovery of command injection in this version is attributed to cm0s from SunCSR in January of 2021.

tags | exploit, remote
SHA-256 | 60f1f051bd798dab7089a4bee09f5a1d2479058f12087a17278967d49b845cf1
Klog Server 2.4.1 Command Injection
Posted Feb 1, 2021
Authored by Metin Yunus Kandemir

Klog Server version 2.4.1 remote command injection exploit.

tags | exploit, remote
advisories | CVE-2021-3317
SHA-256 | 99012dfbcefb01247d5d331d8643bce4efa6371eef0857ac2fc0aa91cc3e96a4
Klog Server 2.4.1 Command Injection
Posted Jan 26, 2021
Authored by Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and below.

tags | exploit
advisories | CVE-2020-35729
SHA-256 | 4b98d5b04b6e749217209691c5bf8ebd2011def2f86e1db79d9419e0830fa90f
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 7d5320612c3c2171833bc0f579b2434057c4c62e25ce3e66372baa4bc0bb0e83
SuperMicro IPMI 03.40 Cross Site Request Forgery
Posted Jul 9, 2020
Authored by Metin Yunus Kandemir

SuperMicro IPMI version 03.40 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-15046
SHA-256 | f0c9c09b826203240ee4c6af353756b9f273a44846c5e01f9f40f3ee9ca0f51c
CSZ CMS 1.2.7 HTML Injection
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | b071ec3b56d0f80f701af10014a9989aaadb203765ef4561fbe56ef470fba5fe
CSZ CMS 1.2.7 Cross Site Scripting
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c84df5f5c5e62b67520a1d22c9fb41f1465fa5306e3650dc1f6b33b1e0e0e167
Exagate Sysguard 6001 Cross Site Request Forgery
Posted Mar 20, 2020
Authored by Metin Yunus Kandemir

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 97013bfb1dbd21c33b3ea58f30c8b9c3f862968f7e7dba05b502e4556780c348
Complaint Management System 4.0 Remote Code Execution
Posted Jan 7, 2020
Authored by Metin Yunus Kandemir

Complaint Management System version 4.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7b0aa980a77d3f44b50de965bfd78bcc8506a9e151f332e040c46eef55d76f21
Online Course Registration 2.0 Remote Code Execution
Posted Jan 2, 2020
Authored by Metin Yunus Kandemir

Online Course Registration version 2.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 111753551568881bfe89880e1b09bb623051b7e801414cc97d971695f59c804e
Hospital Management System 4.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Hospital Management System version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bcaf939ae34732279682937d7a4e19c5c0715fc37b15d7cc69c314edbf75de6f
Shopping Portal ProVersion 3.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Shopping Portal ProVersion version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6edca2e8d0f9d1ae2d8f481dcd908e8b1ebdae5c8b26ea01e110ac95fdba0880
Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting
Posted Dec 9, 2019
Authored by Metin Yunus Kandemir

Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c275463593eb3ad5d471d6a71d8677632baba810d9fef6a9ca6da6a50e707e22
Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
Posted Sep 13, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-16197
SHA-256 | 0187de9002d59f341d170b546ca8984e4ebf01432ab6172e13141bf0b1e44251
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bab53fc3d093813545a41360b16744c1c7a3723c574c2a429a2b935572a6e1be
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6826dc0ef459539b9dbd73ad177cbaf6ed9ed2ece658f77e4b7715a8c0b04c36
Page 1 of 2
Back12Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close