CVE-2023-26469: GitHub - Orange-Cyberdefense/CVE-repository: Repository of CVE found by OCD people
In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.
OCD CVE Repository
The table of CVEs registered by people working for OCD:
| CVE ID / Advisory | EDB ID / Exploit | Type | Product | Author(s) |
| --- | --- | --- | --- | --- |
| CVE-2023-26469 | PoC | Path traversal | Jorani/bbalet | Guilhem RIOUX |
| CVE-2023-23565 | PoC | Local File Inclusion (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-23564 | PoC | Command injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP & Guilhem RIOUX |
| CVE-2023-23563 | PoC | SQL Injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-20065 | No PoC | Local Privilege Escalation | CISCO IOS XE Software | Mickael DORIGNY, Benoit MALABOEUF |
| CVE-2022-45186 | PoC | Authenticated Database Leak | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-45185 | PoC | Authenticated RCE (arbitrary unserialize) | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-41573 | PoC | File Upload | Ovidentia 8.3 | Nidal GUEDOUAR |
| CVE-2022-41572 | PoC | Privilege escalation | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41571 | PoC | Authenticated local file inclusion | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41570 | PoC | Unauthenticated sql injection | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-35914 | PoC | Unauthenticated RCE | GLPI (versions < 10.0.3 < 9.5.9) | Cyril SERVIERES |
| CVE-2022-34328 | PoC | SQL Injection (Authenticated) | PMB (version 7.4.1) | Mike HOUZIAUX |
| CVE-2022-34328 | PoC | XSS (Reflected) | PMB (version 7.3.10) | Mike HOUZIAUX |
| CVE-2021-46107 | PoC | Unauthenticated SSRF | Ligeo Archives (version < 4.0.78) | Guilhem RIOUX |
| CVE-2021-44032 | PoC | Authentication Bypass | TP-Link Omada SDN Controller V4.4.4 (Windows) | Kevin LEHONGRE |
| CVE-2021-42056 | PoC | Privilege Escalation | Safenet Authentication Client (Linux) | Wilfried PASCAULT |
| CVE-2021-36355 | PoC | File upload to RCE | evolucaire imaging <8.5 (8.2.0.12) | Cyril SERVIERES |
| CVE-2020-2528 | PoC | XSS (Reflected) | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Client Side Template Injection | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Authenticated RCE | Pligg 2.0.3 | Mike HOUZIAUX |
| CVE-2020-17454 | PoC | Self XSS | WSO2 API Manager: 3.1.0 or earlier | Zakaria BRAHIMI |
| CVE-2020-14950 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14462 | PoC | Authenticated reflected XSS | Caldera 2.7.0 | Aurélien CHALOT |
| CVE-2020-14421 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14295 | PoC | Authenticated RCE (from SQLi) | cacti (1.2.7, 1.2.12) | Cyril SERVIERES |
| CVE-2020-14146 | PoC | XSS (Reflected) | KumbiaPHP 1.1.1 | Mike HOUZIAUX |
| CVE-2020-11712 | PoC | XSS (Reflected) | Openupload 0.4.3 | Mike HOUZIAUX |
| CVE-2020-10787 | PoC | Root EoP | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10786 | PoC | Authenticated RCE | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10220 | 48208 | Unauthenticated SQLi | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2020-8776, CVE-2020-8777, CVE-2020-8778 | 48162 | Stored XSS | Alfresco 5.2.4 | Alexandre ZANNI, Romain LOISEL |
| CVE-2020-1949 | PoC | Reflected XSS | Sling CMS App 0.14.0 and previous releases | Guillaume GRABÉ |
| CVE-2019-19585 | PoC | Root LPE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-19509 | 47982 | Authenticated RCE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-15253 | 48459 | Stored XSS | Cisco DNAC 1.3 | Dylan GARNAUD, Benoit MALABOEUF |
| CVE-2019-13029 | 47146 | Stored XSS | REDCap 8.10/9.1 | Alexandre ZANNI, Dylan GARNAUD |
Note: the table is sorted by CVE ID.
Related news
htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.
Plus: Microsoft Outlook and Android patch serious flaws, Chrome and Firefox get fixes, and much more.
A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4
This Metasploit module exploits an unauthenticated PHP command injection vulnerability in GLPI versions 10.0.2 and below to execute a command.
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges.
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php.
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an uploaded document, when the attacker has write access to a project.
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.