theguly

7 exploits Active since Aug 2017
CVE-2017-14105 NOMISEC HIGH WORKING POC
HiveManager Classic through 8.1r1 - Authenticated Arbitrary JSP Code Execution via Backup Archive Restore
HiveManager Classic through 8.1r1 allows arbitrary JSP code execution by modifying a backup archive before a restore, because the restore feature does not validate pathnames within the archive. An authenticated, local attacker - even restricted as a tenant - can add a jsp at HiveManager/tomcat/webapps/hm/domains/$yourtenant/maps (it will be exposed at the web interface).
1 stars
CVSS 7.8
CVE-2015-9107 WRITEUP CRITICAL WORKING POC
Zoho ManageEngine OpManager 11-12.2 - Credential Exposure via Weak Custom Encryption
Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor.
CVSS 9.8
CVE-2020-10546 WRITEUP CRITICAL WORKING POC
rconfig < 3.9.4 - Unauthenticated SQL Injection via compliancepolicies.inc.php
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVSS 9.8
CVE-2020-10547 WRITEUP CRITICAL WORKING POC
rconfig < 3.9.4 - Unauthenticated SQL Injection via compliancepolicyelements.inc.php
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVSS 9.8
CVE-2020-10548 WRITEUP CRITICAL WORKING POC
rconfig < 3.9.4 - Unauthenticated SQL Injection via devices.inc.php
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVSS 9.8
CVE-2020-10549 WRITEUP CRITICAL WORKING POC
rconfig < 3.9.4 - Unauthenticated SQL Injection via snippets.inc.php
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVSS 9.8
CVE-2020-13778 WRITEUP HIGH WORKING POC
rconfig < 3.9.4 - Authenticated OS Command Injection via Template Handler
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
CVSS 8.8