Nicolas CHATELAIN

19 exploits Active since Jan 2017
CVE-2016-7998 GITHUB HIGH WRITEUP
SPIP <3.1.2 - Authenticated RCE
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
4 stars
CVSS 8.8
CVE-2017-11322 GITHUB HIGH WORKING POC
Ucopia Wireless Appliance < 5.1.7 - OS Command Injection
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
4 stars
CVSS 8.2
CVE-2017-11321 GITHUB HIGH WRITEUP
Ucopia Wireless Appliance < 5.1.7 - OS Command Injection
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
4 stars
CVSS 7.2
CVE-2021-40323 GITHUB CRITICAL WORKING POC
Cobbler <3.3.0 - RCE
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
4 stars
CVSS 9.8
CVE-2020-5847 GITHUB CRITICAL WRITEUP
Unraid <6.8.0 - RCE
Unraid through 6.8.0 allows Remote Code Execution.
4 stars
CVSS 9.8
CVE-2020-12050 GITHUB HIGH WORKING POC
Opensuse Backports Sle - Race Condition
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
4 stars
CVSS 7.0
CVE-2020-10936 GITHUB HIGH WORKING POC
Sympa <6.2.56 - Privilege Escalation
Sympa before 6.2.56 allows privilege escalation.
4 stars
CVSS 7.8
CVE-2020-5849 METASPLOIT HIGH ruby WORKING POC
Unraid 6.8.0 - Auth Bypass
Unraid 6.8.0 allows authentication bypass.
CVSS 7.5
CVE-2020-5847 EXPLOITDB CRITICAL ruby WORKING POC
Unraid <6.8.0 - RCE
Unraid through 6.8.0 allows Remote Code Execution.
CVSS 9.8
CVE-2020-5847 METASPLOIT CRITICAL ruby WORKING POC
Unraid <6.8.0 - RCE
Unraid through 6.8.0 allows Remote Code Execution.
CVSS 9.8
EIP-2026-114665 EXPLOITDB ruby WORKING POC
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
CVE-2016-7998 EXPLOITDB HIGH text WORKING POC
SPIP <3.1.2 - Authenticated RCE
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
CVSS 8.8
CVE-2016-7980 EXPLOITDB HIGH text WRITEUP
Spip < 3.1.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVSS 8.8
CVE-2016-7982 EXPLOITDB HIGH text WORKING POC
Spip < 3.1.2 - Path Traversal
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS 7.5
EIP-2026-105784 EXPLOITDB text WORKING POC
Centreon 2.5.3 - Remote Command Execution
CVE-2020-5849 EXPLOITDB HIGH ruby WORKING POC
Unraid 6.8.0 - Auth Bypass
Unraid 6.8.0 allows authentication bypass.
CVSS 7.5
EIP-2026-103204 EXPLOITDB text WORKING POC
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
CVE-2017-11321 EXPLOITDB HIGH WORKING POC
Ucopia Wireless Appliance < 5.1.7 - OS Command Injection
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVSS 7.2
CVE-2017-11322 EXPLOITDB HIGH WORKING POC
Ucopia Wireless Appliance < 5.1.7 - OS Command Injection
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVSS 8.2