Nicolas CHATELAIN

19 exploits Active since Jan 2017
CVE-2016-7998 GITHUB HIGH WRITEUP
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
4 stars
CVSS 8.8
CVE-2017-11322 GITHUB HIGH WORKING POC
UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
4 stars
CVSS 8.2
CVE-2017-11321 GITHUB HIGH WRITEUP
UCOPIA Wireless Appliance < 5.1.8 - Authenticated Privilege Escalation via Less Command Shell Metacharacter Injection
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
4 stars
CVSS 7.2
CVE-2021-40323 GITHUB CRITICAL WORKING POC
Cobbler < 3.3.0 - Remote Code Execution via XMLRPC Log Poisoning
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
4 stars
CVSS 9.8
CVE-2020-5847 GITHUB CRITICAL WRITEUP
Unraid < 6.8.0 - Unauthenticated Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
4 stars
CVSS 9.8
CVE-2020-12050 GITHUB HIGH WORKING POC
Opensuse Backports Sle - Race Condition
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
4 stars
CVSS 7.0
CVE-2020-10936 GITHUB HIGH WORKING POC
Sympa <6.2.56 - Privilege Escalation
Sympa before 6.2.56 allows privilege escalation.
4 stars
CVSS 7.8
CVE-2020-5849 METASPLOIT HIGH ruby WORKING POC
unraid 6.8.0 - Authentication Bypass
Unraid 6.8.0 allows authentication bypass.
CVSS 7.5
CVE-2020-5847 EXPLOITDB CRITICAL ruby WORKING POC
Unraid < 6.8.0 - Unauthenticated Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
CVSS 9.8
CVE-2020-5847 METASPLOIT CRITICAL ruby WORKING POC
Unraid < 6.8.0 - Unauthenticated Remote Code Execution
Unraid through 6.8.0 allows Remote Code Execution.
CVSS 9.8
EIP-2026-114665 EXPLOITDB ruby WORKING POC
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
CVE-2016-7998 EXPLOITDB HIGH text WORKING POC
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
CVSS 8.8
CVE-2016-7980 EXPLOITDB HIGH text WRITEUP
SPIP < 3.1.2 - Cross-Site Request Forgery via XML Validator
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
CVSS 8.8
CVE-2016-7982 EXPLOITDB HIGH text WORKING POC
SPIP < 3.1.2 - Path Traversal via var_url Parameter
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
CVSS 7.5
EIP-2026-105784 EXPLOITDB text WORKING POC
Centreon 2.5.3 - Remote Command Execution
CVE-2020-5849 EXPLOITDB HIGH ruby WORKING POC
unraid 6.8.0 - Authentication Bypass
Unraid 6.8.0 allows authentication bypass.
CVSS 7.5
EIP-2026-103204 EXPLOITDB text WORKING POC
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
CVE-2017-11321 EXPLOITDB HIGH WORKING POC
UCOPIA Wireless Appliance < 5.1.8 - Authenticated Privilege Escalation via Less Command Shell Metacharacter Injection
The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.
CVSS 7.2
CVE-2017-11322 EXPLOITDB HIGH WORKING POC
UCOPIA Wireless Appliance < 5.1.7 - OS Command Injection via chroothole_client Argument
The chroothole_client executable in UCOPIA Wireless Appliance before 5.1.8 allows remote attackers to gain root privileges via a dollar sign ($) metacharacter in the argument to chroothole_client.
CVSS 8.2