Matthew Aberegg - Security Researcher - Exploit Intelligence Platform

CVE-2020-10220 NOMISEC CRITICAL WORKING POC

Rconfig 3.x Chained Remote Code Execution

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

CVSS 9.8

View Code

CVE-2020-36993 EXPLOITDB MEDIUM text WORKING POC

LimeSurvey < 4.3.10 - Stored Cross-Site Scripting in Survey Menu via Surveymenu Parameters

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.

CVSS 5.4

View Code

CVE-2019-9960 METASPLOIT CRITICAL ruby WORKING POC

LimeSurvey Zip Path Traversals

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.

CVSS 9.8

View Code

CVE-2020-5791 METASPLOIT HIGH ruby WORKING POC

Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

CVSS 7.2

View Code

CVE-2015-7611 METASPLOIT HIGH ruby WORKING POC

Apache James Server < 2.3.2.1 - OS Command Injection

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

CVSS 8.1

View Code

CVE-2020-10879 EXPLOITDB CRITICAL python WORKING POC

rconfig < 3.9.5 - OS Command Injection via nodeId Parameter

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.

CVSS 9.8

View Code

EIP-2026-110461 EXPLOITDB text WORKING POC

Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-110462 EXPLOITDB text WORKING POC

Pandora FMS 7.0 NG 750 - 'Network Scan' SQL Injection (Authenticated)

View Code

EIP-2026-110460 EXPLOITDB text WORKING POC

Pandora FMS 7.0 NG 749 - 'CG Items' SQL Injection (Authenticated)

View Code

EIP-2026-110402 EXPLOITDB text WORKING POC

osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting

View Code

EIP-2026-110403 EXPLOITDB text WORKING POC

osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting

View Code

EIP-2026-109826 EXPLOITDB text WORKING POC

Nagios XI 5.7.3 - 'Contact Templates' Persistent Cross-Site Scripting

View Code

EIP-2026-109829 EXPLOITDB text WORKING POC

Nagios XI 5.7.5 - Multiple Persistent Cross-Site Scripting

View Code

EIP-2026-109828 EXPLOITDB text WORKING POC

Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection

View Code

CVE-2020-5791 EXPLOITDB HIGH python WORKING POC

Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Exection

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

CVSS 7.2

View Code

EIP-2026-109827 EXPLOITDB text WORKING POC

Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection

View Code

EIP-2026-109142 EXPLOITDB text WORKING POC

LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting

View Code

CVE-2020-11456 EXPLOITDB MEDIUM text WORKING POC

LimeSurvey < 4.1.12+200324 - Stored Cross-Site Scripting in Survey Groups

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).

CVSS 5.4

View Code

CVE-2020-11455 EXPLOITDB CRITICAL text WORKING POC

LimeSurvey < 4.1.12+200324 - Path Traversal in LimeSurveyFileManager

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

CVSS 9.8

View Code

CVE-2015-7611 EXPLOITDB HIGH ruby WORKING POC

Apache James Server < 2.3.2.1 - OS Command Injection

Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.

CVSS 8.1

View Code

CVE-2020-11457 EXPLOITDB MEDIUM text WORKING POC

pfSense < 2.4.5 - Stored Cross-Site Scripting via User Full Name Parameter

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

CVSS 5.4

View Code