CVE-2023-26469: GitHub - Orange-Cyberdefense/CVE-repository: Repository of CVE found by OCD people

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.

OCD CVE Repository

The table of CVEs registered by people working for OCD:

| CVE ID / Advisory | EDB ID / Exploit | Type | Product | Author(s) |
|---|---|---|---|---|
| CVE-2023-26469 | PoC | Path traversal | Jorani/bbalet | Guilhem RIOUX |
| CVE-2023-23565 | PoC | Local File Inclusion (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-23564 | PoC | Command injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP & Guilhem RIOUX |
| CVE-2023-23563 | PoC | SQL Injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-20065 | No PoC | Local Privilege Escalation | CISCO IOS XE Software | Mickael DORIGNY, Benoit MALABOEUF |
| CVE-2022-45186 | PoC | Authenticated Database Leak | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-45185 | PoC | Authenticated RCE (arbitrary unserialize) | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-41573 | PoC | File Upload | Ovidentia 8.3 | Nidal GUEDOUAR |
| CVE-2022-41572 | PoC | Privilege escalation | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41571 | PoC | Authenticated local file inclusion | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41570 | PoC | Unauthenticated SQL injection | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-35914 | PoC | Unauthenticated RCE | GLPI (versions < 10.0.3 < 9.5.9) | Cyril SERVIERES |
| CVE-2022-34328 | PoC | SQL Injection (Authenticated) | PMB (version 7.4.1) | Mike HOUZIAUX |
| CVE-2022-34328 | PoC | XSS (Reflected) | PMB (version 7.3.10) | Mike HOUZIAUX |
| CVE-2021-46107 | PoC | Unauthenticated SSRF | Ligeo Archives (version < 4.0.78) | Guilhem RIOUX |
| CVE-2021-44032 | PoC | Authentication Bypass | TP-Link Omada SDN Controller V4.4.4 (Windows) | Kevin LEHONGRE |
| CVE-2021-42056 | PoC | Privilege Escalation | Safenet Authentication Client (Linux) | Wilfried PASCAULT |
| CVE-2021-36355 | PoC | File upload to RCE | evolucaire imaging <8.5 (8.2.0.12) | Cyril SERVIERES |
| CVE-2020-2528 | PoC | XSS (Reflected) | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Client Side Template Injection | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Authenticated RCE | Pligg 2.0.3 | Mike HOUZIAUX |
| CVE-2020-17454 | PoC | Self XSS | WSO2 API Manager: 3.1.0 or earlier | Zakaria BRAHIMI |
| CVE-2020-14950 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14462 | PoC | Authenticated reflected XSS | Caldera 2.7.0 | Aurélien CHALOT |
| CVE-2020-14421 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14295 | PoC | Authenticated RCE (from SQLi) | cacti (1.2.7, 1.2.12) | Cyril SERVIERES |
| CVE-2020-14146 | PoC | XSS (Reflected) | KumbiaPHP 1.1.1 | Mike HOUZIAUX |
| CVE-2020-11712 | PoC | XSS (Reflected) | Openupload 0.4.3 | Mike HOUZIAUX |
| CVE-2020-10787 | PoC | Root EoP | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10786 | PoC | Authenticated RCE | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10220 | 48208 | Unauthenticated SQLi | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2020-8776, CVE-2020-8777, CVE-2020-8778 | 48162 | Stored XSS | Alfresco 5.2.4 | Alexandre ZANNI, Romain LOISEL |
| CVE-2020-1949 | PoC | Reflected XSS | Sling CMS App 0.14.0 and previous releases | Guillaume GRABÉ |
| CVE-2019-19585 | PoC | Root LPE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-19509 | 47982 | Authenticated RCE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-15253 | 48459 | Stored XSS | Cisco DNAC 1.3 | Dylan GARNAUD, Benoit MALABOEUF |
| CVE-2019-13029 | 47146 | Stored XSS | REDCap 8.10/9.1 | Alexandre ZANNI, Dylan GARNAUD |

Note: the table is sorted by CVE ID.

Related news

htmlLawed 1.2.5 Remote Command Execution

htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.

CVE-2023-23565: IsiGéo web

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.

CVE-2023-20065: Cisco Security Advisory: Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability

CVE-2022-46769: Apache Sling :: News

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4

GLPI 10.0.2 Command Injection

This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.

CVE-2022-35914: absent?: ././internal_utilities/htmLawed?cve=title/ | PHP Labware source code viewer

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.

CVE-2021-42056: GitHub - z00z00z00/Safenet_SAC_CVE-2021-42056: Safenet Authentication Client Privilege Escalation - CVE-2021-42056

Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.

CVE-2022-34328: GitHub - jenaye/PMB

PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.

CVE-2020-14421: GitHub - jenaye/aapanel: aapanel 6.6.6 - (Authenticated) Remote Code Execution

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.

CVE-2020-14295: SQL Injection vulnerability due to input validation failure when editing colors (CVE-2020-14295) · Issue #3622 · Cacti/cacti

A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.

CVE-2020-8778: Multiples stored XSS on Alfresco 5.2.4 ($1937042) · Snippets · Snippets · GitLab

Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.

CVE-2020-8813: Releases · Cacti/cacti

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
