AkkuS

99 exploits Active since Nov 2018
CVE-2019-13294 EXPLOITDB CRITICAL ruby WORKING POC
Arox School-erp - Authentication Bypass
AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system.
CVSS 9.8
CVE-2021-43338 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidate is a duplicate of CVE-2021-43339. Notes: All CVE users should reference CVE-2021-43339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2022-22833 EXPLOITDB HIGH ruby WORKING POC
Servisnet Tessa 0.0.2 - Info Disclosure
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
CVSS 7.5
CVE-2022-22832 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa - IDOR
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
CVSS 9.8
CVE-2022-22831 EXPLOITDB CRITICAL ruby WORKING POC
Servisnet Tessa - Authentication Bypass
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
CVSS 9.8
CVE-2019-11444 EXPLOITDB HIGH ruby WORKING POC
Liferay Portal CE 7.1.2 GA3 - Command Injection
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw
CVSS 7.2
CVE-2021-43339 EXPLOITDB HIGH ruby WORKING POC
Ericsson Network Location <2021-07-31 - Command Injection
In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be created.
CVSS 8.8
CVE-2019-11469 EXPLOITDB CRITICAL ruby WORKING POC
Zoho ManageEngine Apps Mgr <15 - SQL Injection
Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.
CVSS 9.8
CVE-2019-15106 EXPLOITDB CRITICAL ruby WORKING POC
Zohocorp Manageengine Opmanager < 12.4.034 - Missing Authentication
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
CVSS 9.8
CVE-2019-15104 EXPLOITDB HIGH ruby WORKING POC
Zohocorp Manageengine Applications Manager < 14.0 - SQL Injection
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
CVE-2019-15105 EXPLOITDB HIGH ruby WORKING POC
Zohocorp Manageengine Applications Manager < 14.2 - SQL Injection
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
CVSS 8.8
EIP-2026-103304 EXPLOITDB text WORKING POC
NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection
CVE-2020-35606 EXPLOITDB HIGH ruby WORKING POC
Webmin < 1.962 - OS Command Injection
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
CVSS 8.8
EIP-2026-103330 EXPLOITDB ruby WORKING POC
Usermin 1.750 - Remote Command Execution (Metasploit)
CVE-2020-35665 EXPLOITDB CRITICAL ruby WORKING POC
Terra-master Terramaster Operating System - OS Command Injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVSS 9.8
EIP-2026-103288 EXPLOITDB ruby WORKING POC
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
CVE-2019-12840 EXPLOITDB HIGH ruby WORKING POC
Webmin < 1.910 - OS Command Injection
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVSS 8.8
CVE-2019-15107 EXPLOITDB CRITICAL ruby WORKING POC
Webmin < 1.920 - OS Command Injection
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
CVSS 9.8
CVE-2020-14930 EXPLOITDB HIGH text WORKING POC
BT CTROMS Terminal OS Port Portal CT-464 - Info Disclosure
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.
CVSS 8.1
CVE-2019-11445 EXPLOITDB HIGH ruby WORKING POC
OpenKM 6.3.2-6.3.7 - RCE
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's Export field. As a result, attackers can gain remote code execution through the application server with root privileges.
CVSS 7.2
CVE-2019-13597 EXPLOITDB CRITICAL python WORKING POC
Sahi Pro 8.0.0 - Command Injection
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
CVSS 9.8
EIP-2026-101415 EXPLOITDB ruby WORKING POC
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
CVE-2019-9624 EXPLOITDB HIGH ruby WORKING POC
Webmin 1.900 - RCE
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
CVSS 7.8
CVE-2018-20503 EXPLOITDB MEDIUM text WORKING POC
Alliedtelesis 8100l/8 Firmware - XSS
Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter.
CVSS 6.1