Fabien AUNAY

8 exploits, active since Jan 2022
CVE-2022-22845 NOMISEC CRITICAL WORKING POC
Qxip Homer Webapp < 1.4.28 - Hard-coded Credentials
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
2 stars
CVSS 9.8
CVE-2020-37153 EXPLOITDB CRITICAL text WORKING POC
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
CVSS 9.8
CVE-2020-37104 EXPLOITDB HIGH text WORKING POC
ASTPP 4.0.1 - Info Disclosure
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
CVSS 7.5
EIP-2026-105782 EXPLOITDB text WORKING POC
Centreon 19.10.5 - Database Credentials Disclosure
EIP-2026-105778 EXPLOITDB text WORKING POC
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
EIP-2026-105783 EXPLOITDB text WORKING POC
Centreon 19.10.5 - Remote Command Execution
EIP-2026-105780 EXPLOITDB text WORKING POC
Centreon 19.10.5 - 'Pollers' Remote Command Execution
EIP-2026-105781 EXPLOITDB ruby WORKING POC
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)