Michael Burkey

7 exploits Active since Jun 2016
CVE-2020-10220 NOMISEC CRITICAL WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2019-9960 METASPLOIT CRITICAL ruby WORKING POC
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
CVSS 9.8
CVE-2015-7611 METASPLOIT HIGH ruby WORKING POC
Apache James Server < 2.3.2.1 - OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
CVSS 8.1
CVE-2020-10879 EXPLOITDB CRITICAL python WORKING POC
rconfig < 3.9.5 - OS Command Injection via nodeId Parameter
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
CVSS 9.8
CVE-2020-11456 EXPLOITDB MEDIUM text WORKING POC
LimeSurvey < 4.1.12+200324 - Stored Cross-Site Scripting in Survey Groups
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
CVSS 5.4
CVE-2020-11455 EXPLOITDB CRITICAL text WORKING POC
LimeSurvey < 4.1.12+200324 - Path Traversal in LimeSurveyFileManager
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
CVSS 9.8
CVE-2015-7611 EXPLOITDB HIGH ruby WORKING POC
Apache James Server < 2.3.2.1 - OS Command Injection
Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.
CVSS 8.1