what you don't know can hurt you
Showing 1 - 25 of 26 RSS Feed

Files from Metin Yunus Kandemir

First Active2019-04-03
Last Active2021-07-16
Seagate BlackArmor NAS sg2000-2000.1331 Command Injection
Posted Jul 16, 2021
Authored by Metin Yunus Kandemir

Seagate BlackArmor NAS version sg2000-2000.1331 remote command injection exploit.

tags | exploit, remote
MD5 | a1e7f946b3541f69c9c897d1c5a65653
Thecus N4800Eco Command Injection
Posted Jun 2, 2021
Authored by Metin Yunus Kandemir

Thecus N4800Eco NAS server control panel suffers from a command injection vulnerability.

tags | exploit
MD5 | ae4a89312d846301be09513febb070f1
ManageEngine ADSelfService Plus 6.1 CSV Injection
Posted May 19, 2021
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a CSV injection vulnerability.

tags | exploit
MD5 | 9c738c10b3f5eed7a8d253d8dd163f19
BRAdmin Professional 3.75 Unquoted Service Path
Posted Mar 19, 2021
Authored by Metin Yunus Kandemir

BRAdmin Professional version 3.75 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 090ec9784264b7b2c1dc636e28fa7068
Klog Server 2.4.1 Command Injection
Posted Feb 15, 2021
Authored by Brendan Coles, Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

tags | exploit, web, arbitrary, php
advisories | CVE-2020-35729
MD5 | 2fcde862940be1be38194631a27617e3
Openlitespeed WebServer 1.7.8 Command Injection
Posted Feb 11, 2021
Authored by Metin Yunus Kandemir

Openlitespeed WebServer version 1.7.8 remote command injection exploit. Original discovery of command injection in this version is attributed to cm0s from SunCSR in January of 2021.

tags | exploit, remote
MD5 | 544ac8117ecdf27be5df7ddb1c7cbc9c
Klog Server 2.4.1 Command Injection
Posted Feb 1, 2021
Authored by Metin Yunus Kandemir

Klog Server version 2.4.1 remote command injection exploit.

tags | exploit, remote
advisories | CVE-2021-3317
MD5 | 9d56395a42ddfd252a6c43a53b91eae7
Klog Server 2.4.1 Command Injection
Posted Jan 26, 2021
Authored by Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and below.

tags | exploit
advisories | CVE-2020-35729
MD5 | bdaa705783090e05896aa7b814c48c3e
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
MD5 | 08a5222d2042e7b178bdc08a8b512ecb
SuperMicro IPMI 03.40 Cross Site Request Forgery
Posted Jul 9, 2020
Authored by Metin Yunus Kandemir

SuperMicro IPMI version 03.40 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-15046
MD5 | c6d8021c22d652f56e1d92d8966b6e9a
CSZ CMS 1.2.7 HTML Injection
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from an html injection vulnerability.

tags | exploit
MD5 | e290bb3d3ad91ab322e30869720d9789
CSZ CMS 1.2.7 Cross Site Scripting
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | e25510fb8e80d1f7ec93c52dfd3126ac
Exagate Sysguard 6001 Cross Site Request Forgery
Posted Mar 20, 2020
Authored by Metin Yunus Kandemir

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 59554a395f13761b8a07e12ef53b0dcc
Complaint Management System 4.0 Remote Code Execution
Posted Jan 7, 2020
Authored by Metin Yunus Kandemir

Complaint Management System version 4.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 899f0a810fb01422e2cc89623675f0fd
Online Course Registration 2.0 Remote Code Execution
Posted Jan 2, 2020
Authored by Metin Yunus Kandemir

Online Course Registration version 2.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | ae95616c78b2c6efd75e5e2af523ba4f
Hospital Management System 4.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Hospital Management System version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | ab549370ce552db01ebc34eeba901d3d
Shopping Portal ProVersion 3.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Shopping Portal ProVersion version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | c59845b1ff55e879521042a0439a2430
Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting
Posted Dec 9, 2019
Authored by Metin Yunus Kandemir

Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ab654a127618deb61eec45dcac220261
Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
Posted Sep 13, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-16197
MD5 | a1c1c6482827fcba803b9538335d0bb1
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 651b98a10f6da22baa060c0ef8e1faff
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 651b98a10f6da22baa060c0ef8e1faff
Dolibarr ERP-CRM 10.0.1 SQL Injection
Posted Sep 9, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | f12651030a096cade2e287dc096ca300
Ultimate Loan Manager 2.0 Cross Site Scripting
Posted Aug 1, 2019
Authored by Metin Yunus Kandemir

Ultimate Loan Manager version 2.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | f27079f7172ccf90318983a73a3d5689
dotProject 2.1.9 SQL Injection
Posted Jun 24, 2019
Authored by Metin Yunus Kandemir

dotProject version 2.1.9 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2019-11354
MD5 | 5a2091b567087cd399ac27529bcb8e97
Free SMTP Server 2.5 Denial Of Service
Posted May 29, 2019
Authored by Metin Yunus Kandemir

Free SMTP Server version 2.5 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 251cf82e96f4079a0c51f6fba20fe551
Page 1 of 2
Back12Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close