exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 32 RSS Feed

Files from Metin Yunus Kandemir

First Active2019-04-03
Last Active2024-10-07
ManageEngine ADManager Plus Privilege Escalation
Posted Oct 7, 2024
Authored by Metin Yunus Kandemir

ManageEngine ADManager Plus builds prior to 7210 suffers from a privilege escalation vulnerability.

tags | advisory
advisories | CVE-2024-24409
SHA-256 | 3b9941aa9efcb746685c3ff7341274059f2a5c45bbffedd341d4a38c6fdff3c0
Microsoft Office NTLMv2 Disclosure
Posted Oct 2, 2024
Authored by Metin Yunus Kandemir

Microsoft Office 2019 MSO build 1808 (16.0.10411.20011) and Microsoft 365 MSO version 2403 build 16.0.17425.20176 suffer from an NTLMv2 hash disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2024-38200
SHA-256 | a515b741cb4fdee423e7ca948fc50654803bd1c926175eccc8866a749034e338
ManageEngine ADManager Plus Recovery Password Disclosure
Posted Feb 13, 2024
Authored by Metin Yunus Kandemir

ManageEngine ADManager Plus versions prior to build 7183 suffers from a recovery password disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2023-31492
SHA-256 | 7874929a14fe57fd79cdf95718b05cd915fe981a7a2e42784b174c59bf45ff2e
ManageEngine ADSelfService Plus Build 6118 NTLMv2 Hash Exposure
Posted May 11, 2022
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus build 6118 suffers from an NTLMv2 hash exposure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2022-29457
SHA-256 | f42a82f890c3591b725d59a439ef11e7ca7de7237e5ed593bd8a81bf354e0e19
ManageEngine ADSelfService Plus 6.1 User Enumeration
Posted Apr 19, 2022
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a user enumeration vulnerability.

tags | exploit
SHA-256 | eb9a81d41b9726f90f1a950f6c1fd4f1b49ee04e2d812c1fb2175672b960b945
Abusing LAPS
Posted Jan 19, 2022
Authored by Metin Yunus Kandemir

Whitepaper that explains a misconfiguration based flaw about Local Administrator Password Solution.

tags | paper, local
SHA-256 | afd186867562453b4d7f00ad96270e7a4c5c6b2facd655ef9e4e3c6d602fb576
Seagate BlackArmor NAS sg2000-2000.1331 Command Injection
Posted Jul 16, 2021
Authored by Metin Yunus Kandemir

Seagate BlackArmor NAS version sg2000-2000.1331 remote command injection exploit.

tags | exploit, remote
SHA-256 | 9a7285a69805f1136bd7054963d9148897967e805a6a67a1cd1ffbf3c3dc7172
Thecus N4800Eco Command Injection
Posted Jun 2, 2021
Authored by Metin Yunus Kandemir

Thecus N4800Eco NAS server control panel suffers from a command injection vulnerability.

tags | exploit
SHA-256 | d7870fac7e6397017a08b261b256c7b60acc08e3f5738cb24318e34a48335819
ManageEngine ADSelfService Plus 6.1 CSV Injection
Posted May 19, 2021
Authored by Metin Yunus Kandemir

ManageEngine ADSelfService Plus version 6.1 suffers from a CSV injection vulnerability.

tags | exploit
SHA-256 | 685e14de90f446d314247608c72480994fb1618eb955e9fa368d505ba1cfb3f7
BRAdmin Professional 3.75 Unquoted Service Path
Posted Mar 19, 2021
Authored by Metin Yunus Kandemir

BRAdmin Professional version 3.75 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | 3beb108939a4de6047c2b0d5853c1c309a64fe01ffab40efff973d2695853137
Klog Server 2.4.1 Command Injection
Posted Feb 15, 2021
Authored by Brendan Coles, Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.

tags | exploit, web, arbitrary, php
advisories | CVE-2020-35729
SHA-256 | 5ec6676b8d5b72c304f3f383a6b3a1bbcb4df27ceff247690cd2cd511bbf75bb
Openlitespeed WebServer 1.7.8 Command Injection
Posted Feb 11, 2021
Authored by Metin Yunus Kandemir

Openlitespeed WebServer version 1.7.8 remote command injection exploit. Original discovery of command injection in this version is attributed to cm0s from SunCSR in January of 2021.

tags | exploit, remote
SHA-256 | 60f1f051bd798dab7089a4bee09f5a1d2479058f12087a17278967d49b845cf1
Klog Server 2.4.1 Command Injection
Posted Feb 1, 2021
Authored by Metin Yunus Kandemir

Klog Server version 2.4.1 remote command injection exploit.

tags | exploit, remote
advisories | CVE-2021-3317
SHA-256 | 99012dfbcefb01247d5d331d8643bce4efa6371eef0857ac2fc0aa91cc3e96a4
Klog Server 2.4.1 Command Injection
Posted Jan 26, 2021
Authored by Metin Yunus Kandemir, B3KC4T | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and below.

tags | exploit
advisories | CVE-2020-35729
SHA-256 | 4b98d5b04b6e749217209691c5bf8ebd2011def2f86e1db79d9419e0830fa90f
Cockpit 234 Server-Side Request Forgery
Posted Jan 8, 2021
Authored by Metin Yunus Kandemir

Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.

tags | exploit
SHA-256 | 7d5320612c3c2171833bc0f579b2434057c4c62e25ce3e66372baa4bc0bb0e83
SuperMicro IPMI 03.40 Cross Site Request Forgery
Posted Jul 9, 2020
Authored by Metin Yunus Kandemir

SuperMicro IPMI version 03.40 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2020-15046
SHA-256 | f0c9c09b826203240ee4c6af353756b9f273a44846c5e01f9f40f3ee9ca0f51c
CSZ CMS 1.2.7 HTML Injection
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from an html injection vulnerability.

tags | exploit
SHA-256 | b071ec3b56d0f80f701af10014a9989aaadb203765ef4561fbe56ef470fba5fe
CSZ CMS 1.2.7 Cross Site Scripting
Posted Apr 21, 2020
Authored by Metin Yunus Kandemir

CSZ CMS version 1.2.7 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c84df5f5c5e62b67520a1d22c9fb41f1465fa5306e3650dc1f6b33b1e0e0e167
Exagate Sysguard 6001 Cross Site Request Forgery
Posted Mar 20, 2020
Authored by Metin Yunus Kandemir

Exagate Sysguard 6001 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 97013bfb1dbd21c33b3ea58f30c8b9c3f862968f7e7dba05b502e4556780c348
Complaint Management System 4.0 Remote Code Execution
Posted Jan 7, 2020
Authored by Metin Yunus Kandemir

Complaint Management System version 4.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 7b0aa980a77d3f44b50de965bfd78bcc8506a9e151f332e040c46eef55d76f21
Online Course Registration 2.0 Remote Code Execution
Posted Jan 2, 2020
Authored by Metin Yunus Kandemir

Online Course Registration version 2.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 111753551568881bfe89880e1b09bb623051b7e801414cc97d971695f59c804e
Hospital Management System 4.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Hospital Management System version 4.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | bcaf939ae34732279682937d7a4e19c5c0715fc37b15d7cc69c314edbf75de6f
Shopping Portal ProVersion 3.0 SQL Injection
Posted Jan 1, 2020
Authored by Metin Yunus Kandemir

Shopping Portal ProVersion version 3.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
SHA-256 | 6edca2e8d0f9d1ae2d8f481dcd908e8b1ebdae5c8b26ea01e110ac95fdba0880
Snipe-IT Open Source Asset Management 4.7.5 Cross Site Scripting
Posted Dec 9, 2019
Authored by Metin Yunus Kandemir

Snipe-IT Open Source Asset Management version 4.7.5 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c275463593eb3ad5d471d6a71d8677632baba810d9fef6a9ca6da6a50e707e22
Dolibarr ERP-CRM 10.0.1 Cross Site Scripting
Posted Sep 13, 2019
Authored by Metin Yunus Kandemir

Dolibarr ERP-CRM version 10.0.1 suffers from a user-agent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-16197
SHA-256 | 0187de9002d59f341d170b546ca8984e4ebf01432ab6172e13141bf0b1e44251
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close