AkkuS <Özkan Mustafa Akkuş>

28 exploits Active since Jan 2019
CVE-2019-11447 NOMISEC HIGH WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
1 stars
CVSS 8.8
CVE-2019-11631 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2019-12840 METASPLOIT HIGH ruby WORKING POC
Webmin < 1.910 - OS Command Injection
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVSS 8.8
CVE-2019-11448 EXPLOITDB CRITICAL ruby WORKING POC
Zoho ManageEngine Applications Manager <14.0 - Privilege Escalation
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a Popup_SLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file.
CVSS 9.8
CVE-2018-20166 EXPLOITDB HIGH ruby WORKING POC
Rukovoditel 2.3.1 - Code Injection
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.
CVSS 8.8
CVE-2019-9623 EXPLOITDB CRITICAL ruby WORKING POC
Feng Office <3.7.0.5 - RCE
Feng Office 3.7.0.5 allows remote attackers to execute arbitrary code via "<!--#exec cmd=" in a .shtml file to ck_upload_handler.php.
CVSS 9.8
CVE-2019-9581 EXPLOITDB HIGH ruby WORKING POC
phpscheduleit Booked Scheduler <2.7.5 - RCE
phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension.
CVSS 8.8
CVE-2019-11446 EXPLOITDB HIGH ruby WORKING POC
ATutor <2.2.4 - Command Injection
An issue was discovered in ATutor through 2.2.4. It allows the user to run commands on the server with the teacher user privilege. The Upload Files section in the File Manager field contains an arbitrary file upload vulnerability via upload.php. The $IllegalExtensions value only lists lowercase (and thus .phP is a bypass), and omits .shtml and .phtml.
CVSS 8.8
CVE-2019-12099 EXPLOITDB HIGH ruby WORKING POC
PHP- Fusion 9.03.00 - RCE
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
CVSS 8.8
CVE-2019-11631 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2019-11447 EXPLOITDB HIGH ruby WORKING POC
CutePHP CuteNews 2.1.2 - Code Injection
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
CVSS 8.8
CVE-2019-10863 EXPLOITDB HIGH ruby WORKING POC
Combodo Teemip < 2.4.0 - Code Injection
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously and is not saved on the server.
CVSS 7.2
CVE-2019-13294 EXPLOITDB CRITICAL ruby WORKING POC
Arox School-erp - Authentication Bypass
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
CVSS 9.8
CVE-2019-11444 EXPLOITDB HIGH ruby WORKING POC
Liferay Portal CE 7.1.2 GA3 - Command Injection
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw
CVSS 7.2
CVE-2021-43339 EXPLOITDB HIGH ruby WORKING POC
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVSS 8.8
CVE-2019-15105 EXPLOITDB HIGH ruby WORKING POC
Zohocorp Manageengine Applications Manager < 14.2 - SQL Injection
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
CVE-2019-15106 EXPLOITDB CRITICAL ruby WORKING POC
Zohocorp Manageengine Opmanager < 12.4.034 - Missing Authentication
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
CVSS 9.8
CVE-2019-15104 EXPLOITDB HIGH ruby WORKING POC
Zohocorp Manageengine Applications Manager < 14.0 - SQL Injection
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
CVE-2019-11469 EXPLOITDB CRITICAL ruby WORKING POC
Zoho ManageEngine Apps Mgr <15 - SQL Injection
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
CVSS 9.8
CVE-2020-35665 EXPLOITDB CRITICAL ruby WORKING POC
Terra-master Terramaster Operating System - OS Command Injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVSS 9.8
CVE-2020-35606 EXPLOITDB HIGH ruby WORKING POC
Webmin < 1.962 - OS Command Injection
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS 8.8
EIP-2026-103330 EXPLOITDB ruby WORKING POC
Usermin 1.750 - Remote Command Execution (Metasploit)
EIP-2026-103288 EXPLOITDB ruby WORKING POC
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
CVE-2019-12840 EXPLOITDB HIGH ruby WORKING POC
Webmin < 1.910 - OS Command Injection
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVSS 8.8
CVE-2019-15107 EXPLOITDB CRITICAL ruby WORKING POC
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
CVSS 9.8