CVE-2025-34227 - Nagios XI Authenticated Command Injection in Configuration Wizard MySQL and PostgreSQL monitoring services leads to Remote Code Execution
Overview
Recent posts
Headless Pentesting Machine Setup
Overview When I was starting out in penetration testing, it always confused me how folks would say they worked using a simple CLI only linux machine in a VPS...
CVE-2024-13986 - Nagios XI Authenticated Arbitrary File Upload + Path Traversal leads to Remote Code Execution
Overview I recently noticed quite a few folks recently looked at Nagios XI. Some even pulled the obfuscated stuff apart which I thought was really awesome! I...
CVE-2021-42840 SuiteCRM RCE Log File Extension 2
CVE-2021-42840 This one will be a bit short, since severity/impact/video/etc is all identical to my post on the previous SuiteCRM RCE.
CVE-2021-31933 Chamilo LMS File Upload RCE
Path traversal in File Upload leads to Remote Code Execution in Chamilo LMS Overview It’s been a bit since I spent some time looking for a web vuln… And this...