Xh4H

3 exploits Active since Jan 2020
CVE-2020-7980 NOMISEC CRITICAL WORKING POC
Intellian Aptus Web 1.24 - OS Command Injection via Q Field in JSON Data
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
73 stars
CVSS 9.8
CVE-2023-34840 NOMISEC MEDIUM WRITEUP
angular-ui-notification < 0.3.6 - Stored Cross-Site Scripting
angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability.
3 stars
CVSS 6.1
CVE-2020-7980 EXPLOITDB CRITICAL python WORKING POC
Intellian Aptus Web 1.24 - OS Command Injection via Q Field in JSON Data
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVSS 9.8