Known Vulnerabilities | Core Security

Open-AudIT is vulnerable to an authenticated php file upload, allowing attackers to execute arbitrary php code in the system.

The 'recentVersion' explude_ip parameter in the discoveries endpoint is vulnerable to OS Command Injection, this module exploits this vulneravility in order to install an agent

This module exploits an OS command injection vulnerability in Artica Pandora FMS. The lack of sanitisation for the input of the Events function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.

This module exploits a deserialization vulnerability present in the BrowserNavigationCorrector class of Microsoft SQL Server Reporting Services to deploy an agent. The deployed agent will run with the Report Server service account privileges.

This module exploits a deserialization vulnerability in the Microsoft Exchange Control Panel. The lack of randomization in the validationKey and decryptionKey values allows an attacker to create a crafted viewstate to execute OS commands an deploy an agent. The deployed agent will run with SYSTEM privileges.

This module exploits an OS command injection vulnerability in Kinetica. The lack of sanitisation for the input of the getLogs function could be exploited to allow an authenticated attacker to run remote code on the underlying operating system an deploy an agent.

This module uses an authentication bypass and a SQL injection vulnerability in order to upload and execute a JSP file in the Wildfly virtual file system webapps directory. The deployed agent will run with SYSTEM or ROOT privileges.

This module exploits an unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php. Also, this module exploits an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php.

This module exploits a javascript command injection vulnerability in Kibana, in the Timelion application.

This module exploits an OS command injection vulnerability in Apache Solr, via the Velocity Template.

Subscribe to Known Vulnerabilities

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum