andyfeili

3 exploits Active since Jul 2014
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
1 stars
CVSS 9.8
CVE-2014-4688 NOMISEC WORKING POC
pfSense <2.1.4 - Command Injection
pfSense before 2.1.4 allows remote authenticated users to execute arbitrary commands via (1) the hostname value to diag_dns.php in a Create Alias action, (2) the smartmonemail value to diag_smart.php, or (3) the database value to status_rrd_graph_img.php.
1 stars
CVE-2018-9276 NOMISEC HIGH WORKING POC
Paessler Prtg Network Monitor < 18.2.39 - OS Command Injection
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVSS 7.2