Julien CAYSSOL

3 exploits Active since Mar 2008
CVE-2010-10013 EXPLOITDB CRITICAL ruby WORKING POC
AjaXplorer <2.6 - RCE
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
CVE-2010-10013 METASPLOIT CRITICAL ruby WORKING POC
AjaXplorer <2.6 - RCE
An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer GET parameter. By injecting shell metacharacters, remote attackers can execute arbitrary system commands on the server with the privileges of the web server process.
CVE-2008-1119 EXPLOITDB python WORKING POC
Centreon <1.4.2.3 - Path Traversal
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.