Orange Cyberdefense

12 exploits Active since Jan 2020
CVE-2022-45185 WRITEUP HIGH WORKING POC
SuiteCRM 7.12.7 - Authenticated Remote Code Execution via Deserialization
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
CVSS 8.8
CVE-2022-45186 WRITEUP HIGH WORKING POC
SuiteCRM 7.12.7 - Privilege Escalation
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.
CVSS 8.1
CVE-2023-23563 WRITEUP MEDIUM WRITEUP
Geomatika IsiGeo Web 6.0 - Authenticated SQL Injection
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.
CVSS 6.5
CVE-2023-23564 WRITEUP HIGH WRITEUP
Geomatika IsiGeo Web 6.0 - Authenticated Remote Command Execution
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
CVSS 8.8
CVE-2023-23565 WRITEUP MEDIUM WRITEUP
Geomatika IsiGeo Web 6.0 - Authenticated Local File Inclusion
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
CVSS 4.9
CVE-2019-19585 METASPLOIT HIGH ruby WORKING POC
rConfig 3.9.3 - Privilege Escalation
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
CVSS 7.8
CVE-2019-19509 METASPLOIT HIGH ruby WORKING POC
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2023-32784 VULNCHECK_XDB HIGH WORKING POC
KeePass 2.00-2.53 - Cleartext Master Password Exposure via Memory Dump
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
CVSS 7.5
CVE-2022-35914 VULNCHECK_XDB CRITICAL WORKING POC
GLPI htmLawed php command injection
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
CVSS 9.8
CVE-2019-19509 EXPLOITDB HIGH ruby WORKING POC
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2020-10220 METASPLOIT CRITICAL ruby WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2020-10220 EXPLOITDB CRITICAL ruby WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8