AkkuS

99 exploits Active since Nov 2018
CVE-2019-13294 EXPLOITDB CRITICAL ruby WORKING POC
AROX School-ERP Pro - Unauthenticated Remote Code Execution via import_stud.php and upload_fille.php
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
CVSS 9.8
CVE-2021-43338 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2022-22833 EXPLOITDB HIGH ruby WORKING POC
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
CVSS 7.5
CVE-2022-22832 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa 0.0.2 - Unauthenticated Authorization Bypass via User Data Endpoint
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVSS 9.8
CVE-2022-22831 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa 0.0.2 - Unauthenticated User Addition via Authorization Header Manipulation
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
CVSS 9.8
CVE-2019-11444 EXPLOITDB HIGH ruby WORKING POC
Liferay Portal CE 7.1.2 GA3 - Command Injection
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw
CVSS 7.2
CVE-2021-43339 EXPLOITDB HIGH ruby WORKING POC
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVSS 8.8
CVE-2019-11469 EXPLOITDB CRITICAL ruby WORKING POC
Zoho ManageEngine Apps Mgr <15 - SQL Injection
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
CVSS 9.8
CVE-2019-15106 EXPLOITDB CRITICAL ruby WORKING POC
ManageEngine OpManager < 12.4.034 - Unauthenticated Remote Command Execution via Default Credential Bypass
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
CVSS 9.8
CVE-2019-15104 EXPLOITDB HIGH ruby WORKING POC
ManageEngine Applications Manager 12.0-13.9 - SQL Injection via NewThresholdConfiguration.jsp resourceid Parameter
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
CVE-2019-15105 EXPLOITDB HIGH ruby WORKING POC
ManageEngine Applications Manager < 14.2 - SQL Injection via NewThresholdConfiguration.jsp resourceid Parameter
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
EIP-2026-103304 EXPLOITDB text WORKING POC
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
CVE-2020-35606 EXPLOITDB HIGH ruby WORKING POC
Webmin <= 1.962 - Authenticated Remote Command Execution via Package Updates Module
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS 8.8
EIP-2026-103330 EXPLOITDB ruby WORKING POC
Usermin 1.750 - Remote Command Execution (Metasploit)
CVE-2020-35665 EXPLOITDB CRITICAL ruby WORKING POC
TerraMaster Operating System <= 4.2.06 - Unauthenticated Remote Code Execution via Event Parameter in makecvs.php
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVSS 9.8
EIP-2026-103288 EXPLOITDB ruby WORKING POC
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
CVE-2019-12840 EXPLOITDB HIGH ruby WORKING POC
Webmin < 1.910 - Authenticated Remote Command Execution via Package Updates Module
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVSS 8.8
CVE-2020-14930 EXPLOITDB HIGH text WORKING POC
BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
CVSS 8.1
CVE-2019-15107 EXPLOITDB CRITICAL ruby WORKING POC
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
CVSS 9.8
CVE-2019-11445 EXPLOITDB HIGH ruby WORKING POC
OpenKM 6.3.2-6.3.7 - Unauthenticated Remote Code Execution via JSP File Upload
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
CVSS 7.2
CVE-2019-13597 EXPLOITDB CRITICAL python WORKING POC
Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
CVSS 9.8
EIP-2026-101415 EXPLOITDB ruby WORKING POC
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
CVE-2019-9624 EXPLOITDB HIGH ruby WORKING POC
Webmin 1.900 - Remote Code Execution via Upload and Download Privilege Abuse
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
CVSS 7.8
CVE-2018-20503 EXPLOITDB MEDIUM text WORKING POC
Allied Telesis 8100L/8 Firmware - Stored Cross-Site Scripting via IPv4 Interface Editor
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
CVSS 6.1