Askar

12 exploits, active since Apr 2019
CVE-2023-0315 METASPLOIT HIGH ruby WORKING POC
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS 8.8
CVE-2019-16662 EXPLOITDB CRITICAL python WORKING POC
rConfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 9.8
EIP-2026-110452 EXPLOITDB python WORKING POC
Pandora 7.0NG - Remote Code Execution
EIP-2026-110241 EXPLOITDB python WORKING POC
Open-AudIT Professional 3.3.1 - Remote Code Execution
CVE-2018-20434 EXPLOITDB CRITICAL python WORKING POC
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVSS 9.8
CVE-2023-0315 EXPLOITDB HIGH python WORKING POC
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
CVSS 8.8
CVE-2019-13024 EXPLOITDB HIGH python WORKING POC
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the value inserted into the database to shell_exec without sanitizing it, allowing one to execute arbitrary system commands).
CVSS 8.8
EIP-2026-105683 EXPLOITDB python WORKING POC
Cacti 1.2.8 - Remote Code Execution
CVE-2020-14947 EXPLOITDB HIGH text WORKING POC
OCS Inventory NG 2.7 - Remote Code Execution via Shell Metacharacters in SNMP MIB File Handling
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
CVSS 8.8
CVE-2020-8813 EXPLOITDB HIGH python WORKING POC
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVSS 8.8
CVE-2020-8813 EXPLOITDB HIGH python WORKING POC
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
CVSS 8.8
CVE-2019-15029 EXPLOITDB HIGH python WORKING POC
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
CVSS 8.8