Fabien AUNAY

9 exploits Active since Apr 2020
CVE-2022-22845 NOMISEC CRITICAL WORKING POC
QXIP SIPCAPTURE homer-app < 1.4.28 - Use of Hard-coded JWT Secret Key
QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
2 stars
CVSS 9.8
CVE-2019-19699 METASPLOIT HIGH ruby WORKING POC
Centreon Infrastructure Monitoring Software <19.10 - Authenticated RCE
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.
CVSS 7.2
CVE-2020-37153 EXPLOITDB CRITICAL text WORKING POC
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
CVSS 9.8
CVE-2020-37104 EXPLOITDB HIGH text WORKING POC
ASTPP 4.0.1 - Unauthenticated Sensitive Information Disclosure via Database Backup Download
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
CVSS 7.5
EIP-2026-105778 EXPLOITDB text WORKING POC
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
EIP-2026-105783 EXPLOITDB text WORKING POC
Centreon 19.10.5 - Remote Command Execution
EIP-2026-105780 EXPLOITDB text WORKING POC
Centreon 19.10.5 - 'Pollers' Remote Command Execution
EIP-2026-105781 EXPLOITDB ruby WORKING POC
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
EIP-2026-105782 EXPLOITDB text WORKING POC
Centreon 19.10.5 - Database Credentials Disclosure