Matthew Aberegg

21 exploits Active since Jun 2016
CVE-2020-10220 NOMISEC CRITICAL WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2020-36993 EXPLOITDB MEDIUM text WORKING POC
LimeSurvey 4.3.10 - XSS
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
CVSS 5.4
CVE-2019-9960 METASPLOIT CRITICAL ruby WORKING POC
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
CVSS 9.8
CVE-2020-5791 METASPLOIT HIGH ruby WORKING POC
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVSS 7.2
CVE-2015-7611 METASPLOIT HIGH ruby WORKING POC
Apache James Server 2.3.2 - RCE
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
CVSS 8.1
CVE-2020-10879 EXPLOITDB CRITICAL python WORKING POC
rConfig <3.9.5 - Command Injection
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
CVSS 9.8
EIP-2026-110461 EXPLOITDB text WORKING POC
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities
EIP-2026-110462 EXPLOITDB text WORKING POC
Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)
EIP-2026-110460 EXPLOITDB text WORKING POC
Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)
EIP-2026-110402 EXPLOITDB text WORKING POC
osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting
EIP-2026-110403 EXPLOITDB text WORKING POC
osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting
EIP-2026-109826 EXPLOITDB text WORKING POC
Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting
EIP-2026-109829 EXPLOITDB text WORKING POC
Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting
EIP-2026-109828 EXPLOITDB text WORKING POC
Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
CVE-2020-5791 EXPLOITDB HIGH python WORKING POC
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVSS 7.2
EIP-2026-109827 EXPLOITDB text WORKING POC
Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
EIP-2026-109142 EXPLOITDB text WORKING POC
LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting
CVE-2020-11456 EXPLOITDB MEDIUM text WORKING POC
Limesurvey < 4.1.11 - XSS
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
CVSS 5.4
CVE-2020-11455 EXPLOITDB CRITICAL text WORKING POC
Limesurvey < 4.1.11 - Path Traversal
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
CVSS 9.8
CVE-2015-7611 EXPLOITDB HIGH ruby WORKING POC
Apache James Server 2.3.2 - RCE
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
CVSS 8.1
CVE-2020-11457 EXPLOITDB MEDIUM text WORKING POC
Netgate Pfsense < 2.4.5 - XSS
pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.
CVSS 5.4