Markus Krell

6 exploits Active since Apr 2016
CVE-2016-2056 METASPLOIT HIGH ruby WORKING POC
Xymon 4.1.x-4.3.x - Authenticated Command Injection via adduser_name Argument
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
CVSS 8.8
CVE-2016-2055 METASPLOIT HIGH ruby WORKING POC
Xymon Daemon Gather Information
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command.
CVSS 7.5
CVE-2019-15742 METASPLOIT HIGH ruby WORKING POC
Poly Plantronics Hub <3.14 - Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
CVSS 7.8
EIP-2026-117772 EXPLOITDB text WORKING POC
Plantronics Hub 3.13.2 - Local Privilege Escalation
CVE-2019-15742 EXPLOITDB HIGH ruby WORKING POC
Poly Plantronics Hub <3.14 - Privilege Escalation
A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges.
CVSS 7.8
CVE-2016-2056 EXPLOITDB HIGH ruby WORKING POC
Xymon 4.1.x-4.3.x - Authenticated Command Injection via adduser_name Argument
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
CVSS 8.8