Orange-Cyberdefense/CVE-repository

OCD CVE Repository


CVEs registered by people working for OCD:

| CVE ID / Advisory | EDB ID / Exploit | Type | Product | Author(s) |
| --- | --- | --- | --- | --- |
| CVE-2023-44249 | No_PoC | Authorization bypass | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY |
| CVE-2023-44256 | PoC | SSRF | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY |
| CVE-2023-42787 | PoC | Unprivileged user, web console CLI access | Fortinet FortiManager & FortiAnalyzer | Mickael DORIGNY |
| CVE-2023-41320 | PoC | SQLi (update clause) | GLPI < 10.1.0 | Guilhem RIOUX |
| CVE-2023-26469 | PoC | Path traversal | Jorani/bbalet | Guilhem RIOUX |
| CVE-2023-23565 | PoC | Local File Inclusion (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-23564 | PoC | Command injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP & Guilhem RIOUX |
| CVE-2023-23563 | PoC | SQL Injection (authenticated) | Geomatika IsiGeo Web 6.0 | Romain PENLOUP |
| CVE-2023-20065 | No PoC | Local Privilege Escalation | CISCO IOS XE Software | Mickael DORIGNY, Benoit MALABOEUF |
| CVE-2022-45186 | PoC | Authenticated Database Leak | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-45185 | PoC | Authenticated RCE (arbitrary unserialize) | SuiteCRM <= 7.12.7 (<= 8.2.0) | Guilhem RIOUX |
| CVE-2022-41573 | PoC | File Upload | Ovidentia 8.3 | Nidal GUEDOUAR |
| CVE-2022-41572 | PoC | Privilege escalation | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41571 | PoC | Authenticated local file inclusion | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-41570 | PoC | Unauthenticated SQL injection | Eyesofnetwork <= 5.3 | Guilhem RIOUX |
| CVE-2022-35914 | PoC | Unauthenticated RCE | GLPI (versions < 10.0.3 < 9.5.9) | Cyril SERVIERES |
| CVE-2022-34328 | PoC | SQL Injection (Authenticated) | PMB (version 7.4.1) | Mike HOUZIAUX |
| CVE-2022-34328 | PoC | XSS (Reflected) | PMB (version 7.3.10) | Mike HOUZIAUX |
| CVE-2021-46107 | PoC | Unauthenticated SSRF | Ligeo Archives (version < 4.0.78) | Guilhem RIOUX |
| CVE-2021-44032 | PoC | Authentication Bypass | TP-Link Omada SDN Controller V4.4.4 (Windows) | Kevin LEHONGRE |
| CVE-2021-42056 | PoC | Privilege Escalation | Safenet Authentication Client (Linux) | Wilfried PASCAULT |
| CVE-2021-36355 | PoC | File upload to RCE | evolucaire imaging <8.5 (8.2.0.12) | Cyril SERVIERES |
| CVE-2020-2528 | PoC | XSS (Reflected) | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Client Side Template Injection | EasyVista 2018.1.185.5 | Mike HOUZIAUX |
| CVE-2020-25287 | PoC | Authenticated RCE | Pligg 2.0.3 | Mike HOUZIAUX |
| CVE-2020-17454 | PoC | Self XSS | WSO2 API Manager: 3.1.0 or earlier | Zakaria BRAHIMI |
| CVE-2020-14950 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14462 | PoC | Authenticated reflected XSS | Caldera 2.7.0 | Aurélien CHALOT |
| CVE-2020-14421 | PoC | Authenticated RCE | aapanel 6.6.6 | Mike HOUZIAUX |
| CVE-2020-14295 | PoC | Authenticated RCE (from SQLi) | cacti (1.2.7, 1.2.12) | Cyril SERVIERES |
| CVE-2020-14146 | PoC | XSS (Reflected) | KumbiaPHP 1.1.1 | Mike HOUZIAUX |
| CVE-2020-11712 | PoC | XSS (Reflected) | Openupload 0.4.3 | Mike HOUZIAUX |
| CVE-2020-10787 | PoC | Root EoP | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10786 | PoC | Authenticated RCE | VestaCP 0.9.8-26 | Alexandre ZANNI |
| CVE-2020-10220 | 48208 | Unauthenticated SQLi | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2020-8776, CVE-2020-8777, CVE-2020-8778 | 48162 | Stored XSS | Alfresco 5.2.4 | Alexandre ZANNI, Romain LOISEL |
| CVE-2020-1949 | PoC | Reflected XSS | Sling CMS App 0.14.0 and previous releases | Guillaume GRABÉ |
| CVE-2019-19585 | PoC | Root LPE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-19509 | 47982 | Authenticated RCE | rConfig < 3.9.4 | Jean-Pascal THOMAS |
| CVE-2019-15253 | 48459 | Stored XSS | Cisco DNAC 1.3 | Dylan GARNAUD, Benoit MALABOEUF |
| CVE-2019-13029 | 47146 | Stored XSS | REDCap 8.10/9.1 | Alexandre ZANNI, Dylan GARNAUD |

Note: the table is sorted by CVE ID.