6 matches found
CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...
Agentejo Cockpit NoSQL Injection (CVE-2020-35846)
A NoSQL Injection vulnerability exists in Agentejo Cockpit. Successful exploitation of this vulnerability could allow attackers to inject commands and execute arbitrary code on the affected system...
Exploit for SQL Injection in Agentejo Cockpit
CVE-2020-35846 - Leak Cockpit Usernames PoC John Hammond...
Metasploit Wrap-Up
Nagios modules Community member Erik Wynter has contributed two more Nagios XI modules this week, on top of the previous week’s contributions! If you’ve noticed Nagios XI 5.6.0 to 5.7.5 running within your target’s infrastructure during a pen test, be sure to check both these new modules out as...
Cockpit CMS NoSQLi to RCE
This module exploits two NoSQLi vulnerabilities to retrieve the user list, and password reset tokens from the system. Next, the USER is targetted to reset their password. Then a command injection vulnerability is used to execute the payload. While it is possible to upload a payload and execute it...
CVE-2020-35846
creationtimestamp| type| source ---|---|--- 2020-12-30 07:30:07+00:00| seen| https://t.me/cibsecurity/21421 2021-04-21 12:28:51+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cockpitcmsrce.rb 2025-02-06 03:13:44+00:00| seen|...