Huy-Ngoc DAU

7 exploits Active since Jul 2015
CVE-2015-1560 EXPLOITDB WRITEUP
Centreon < 2.5.4 - SQL Injection via sid Parameter
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
CVE-2014-8676 EXPLOITDB MEDIUM text WORKING POC
soplanning < 1.32 - Path Traversal via URL Path Parameter
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
CVSS 5.3
CVE-2014-8675 EXPLOITDB HIGH text WORKING POC
soplanning < 1.32 - Exposure of Sensitive Information via ICAL Calendar Link
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
CVSS 7.5
CVE-2014-8674 EXPLOITDB MEDIUM text WORKING POC
soplanning < 1.33 - Cross-Site Scripting via nb_mois, mb_ligness, and export.php Debug Parameter
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
CVSS 5.4
CVE-2014-8673 EXPLOITDB CRITICAL text WORKING POC
SOPPlanning <1.33 - SQL Injection
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
CVSS 9.8
CVE-2014-8677 EXPLOITDB MEDIUM text WORKING POC
soplanning < 1.32 - Authenticated Remote Code Execution via Crafted Database Name
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
CVSS 5.3
CVE-2015-1561 EXPLOITDB text WRITEUP
Centreon <2.5.4 - Command Injection
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.