Onur ER

6 exploits Active since Jun 2022
CVE-2025-34088 EXPLOITDB HIGH ruby WORKING POC
Pandora FMS <7.0NG - Command Injection
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
CVSS 8.8
CVE-2019-25065 METASPLOIT MEDIUM ruby WORKING POC
OpenNetAdmin 18.1.1 - Privilege Escalation
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2019-25066 METASPLOIT MEDIUM ruby WORKING POC
ajenti <2.1.31 - Privilege Escalation
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.
CVSS 6.3
CVE-2025-34088 METASPLOIT HIGH ruby WORKING POC
Pandora FMS <7.0NG - Command Injection
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
CVSS 8.8
EIP-2026-110312 EXPLOITDB ruby WORKING POC
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)
EIP-2026-102437 EXPLOITDB ruby WORKING POC
Ajenti 2.1.31 - Remote Code Exection (Metasploit)