mhaskar

16 exploits Active since Apr 2019
CVE-2020-8813 NOMISEC HIGH WORKING POC
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
68 stars
CVSS 8.8
CVE-2020-14947 NOMISEC HIGH WORKING POC
OCS Inventory NG 2.7 - Remote Code Execution via Shell Metacharacters in SNMP MIB File Handling
OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
19 stars
CVSS 8.8
CVE-2020-12078 NOMISEC HIGH WORKING POC
Open-AudIT 3.3.1 - OS Command Injection via Discovery Settings Exclude IP Parameter
An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address.
18 stars
CVSS 8.8
CVE-2019-20224 NOMISEC HIGH WORKING POC
Pandora FMS 7.0NG - Authenticated OS Command Injection via netflow_get_stats ip_src Parameter
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.
14 stars
CVSS 8.8
CVE-2019-16662 NOMISEC CRITICAL WORKING POC
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
13 stars
CVSS 9.8
CVE-2019-13024 NOMISEC HIGH WORKING POC
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
11 stars
CVSS 8.8
CVE-2024-11320 NOMISEC CRITICAL WORKING POC
Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
9 stars
CVSS 9.8
CVE-2018-20434 NOMISEC CRITICAL WORKING POC
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
9 stars
CVSS 9.8
CVE-2023-0315 NOMISEC HIGH WORKING POC
froxlor/froxlor <2.0.8 - Command Injection
Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.
7 stars
CVSS 8.8
CVE-2019-15029 NOMISEC HIGH WORKING POC
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.
7 stars
CVSS 8.8
CVE-2019-16663 NOMISEC HIGH WORKING POC
rconfig 3.9.2 - OS Command Injection via catCommand Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
6 stars
CVSS 8.8
CVE-2019-13024 NOMISEC HIGH WORKING POC
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
1 stars
CVSS 8.8
CVE-2019-16662 METASPLOIT CRITICAL ruby WORKING POC
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 9.8
CVE-2018-20434 METASPLOIT CRITICAL ruby WORKING POC
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVSS 9.8
CVE-2019-16662 EXPLOITDB CRITICAL ruby WORKING POC
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 9.8
CVE-2018-20434 EXPLOITDB CRITICAL ruby WORKING POC
LibreNMS 1.46 - OS Command Injection via $_POST['community'] Parameter
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers html/includes/output/capture.inc.php command mishandling.
CVSS 9.8