Security Assessment

8 exploits, active since Jan 2018
CVE-2016-15044 EXPLOITDB CRITICAL text WORKING POC
Kaltura <11.1.0-2 - Code Injection
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
CVE-2016-10709 EXPLOITDB HIGH text WORKING POC
pfSense < 2.2.6 - OS Command Injection
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
CVSS 8.8
EIP-2026-111782 EXPLOITDB text WORKING POC
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
EIP-2026-109821 EXPLOITDB text WORKING POC
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
EIP-2026-109823 EXPLOITDB text WORKING POC
Nagios XI 5.2.7 - Multiple Vulnerabilities
EIP-2026-109819 EXPLOITDB text WORKING POC
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
EIP-2026-109820 EXPLOITDB text WRITEUP
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
EIP-2026-104450 EXPLOITDB python WORKING POC
Splunk Enterprise 6.4.3 - Server-Side Request Forgery