Askar (@mohammadaskar2)

7 exploits Active since Jul 2019
CVE-2020-8813 NOMISEC HIGH WORKING POC
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
68 stars
CVSS 8.8
CVE-2020-12078 NOMISEC HIGH WORKING POC
Open-AudIT 3.3.1 - OS Command Injection via Discovery Settings Exclude IP Parameter
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
18 stars
CVSS 8.8
CVE-2019-15029 NOMISEC HIGH WORKING POC
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
7 stars
CVSS 8.8
CVE-2020-12078 NOMISEC HIGH WORKING POC
Open-AudIT 3.3.1 - OS Command Injection via Discovery Settings Exclude IP Parameter
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
CVSS 8.8
EIP-2026-110452 EXPLOITDB python WORKING POC
Pandora 7.0NG - Remote Code Execution
CVE-2019-13024 EXPLOITDB HIGH python WORKING POC
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
CVSS 8.8
CVE-2020-14947 EXPLOITDB HIGH text WORKING POC
OCS Inventory NG 2.7 - Remote Code Execution via Shell Metacharacters in SNMP MIB File Handling
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
CVSS 8.8