header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

reNgine 2.2.0 – Command Injection (Authenticated)

The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit

The TELSAT marKoni FM transmitters are vulnerable to unauthenticated remote code execution with root privileges. By manipulating the Email settings' WAN IP info service, which uses the 'wget' module, an attacker can exploit a command injection flaw. This allows unauthorized access with administrative privileges through the 'url' parameter in the HTTP GET request to ekafcgi.fcgi.

KiTTY 0.76.1.13 – Command Injection

A command injection vulnerability exists in KiTTY version 0.76.1.13 and below. By exploiting this vulnerability, a remote attacker could execute arbitrary commands on the target system. This vulnerability has been assigned CVE-2024-23749.

Nodez 4.6.1.1 Mercury (possibly prior versions) multiple vulnerabilities

The 'op', 'bop', 'ext', 'eop' arguments are not properly sanitized before including files from local resources, allowing for arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admin and users. This can be exploited by crafting a specific value for the 'upass' parameter.

Baby Web Server Command Validation Exploit

This is a Perl script that exploits a command validation vulnerability in the Baby Web Server. It allows an attacker to execute arbitrary commands on the server. The script takes three arguments: the target IP address, the input file containing the command to execute, and the path of the file on the server.

Nagios XI Network Monitor Graph Explorer Component Command Injection

This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.

Recent Exploits: