Mohammad Askar (@mohammadaskar2) - Security Researcher

CVE-2020-14947 NOMISEC HIGH WORKING POC

OCS Inventory NG 2.7 - Remote Code Execution via Shell Metacharacters in SNMP MIB File Handling

OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.

19 stars

CVSS 8.8

View Code

CVE-2019-20224 NOMISEC HIGH WORKING POC

Pandora FMS 7.0NG - Authenticated OS Command Injection via netflow_get_stats ip_src Parameter

netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.

14 stars

CVSS 8.8

View Code

CVE-2019-16662 NOMISEC CRITICAL WORKING POC

rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

13 stars

CVSS 9.8

View Code

CVE-2023-0315 NOMISEC HIGH WORKING POC

froxlor/froxlor <2.0.8 - Command Injection

Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.

7 stars

CVSS 8.8

View Code