https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 18:46:47 +0000 https://db.gcve.eu/sighting/220b61ab-87b8-47bc-b932-f079f1fc4cd1/export {"uuid": "220b61ab-87b8-47bc-b932-f079f1fc4cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28910", "type": "published-proof-of-concept", "source": "Telegram/Ss44dfktnvBrSYmi5h3Hi4YxlnzSVf_TwVt3ct0JZrIkPN4", "content": "", "creation_timestamp": "2021-05-24T20:42:39.000000Z"} {"uuid": "220b61ab-87b8-47bc-b932-f079f1fc4cd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28910", "type": "published-proof-of-concept", "source": "Telegram/Ss44dfktnvBrSYmi5h3Hi4YxlnzSVf_TwVt3ct0JZrIkPN4", "content": "", "creation_timestamp": "2021-05-24T20:42:39.000000Z"} https://db.gcve.eu/sighting/220b61ab-87b8-47bc-b932-f079f1fc4cd1/export Mon, 24 May 2021 20:42:39 +0000 https://db.gcve.eu/sighting/fbf5df5e-e739-4869-8eaf-f5087e1f1af1/export {"uuid": "fbf5df5e-e739-4869-8eaf-f5087e1f1af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28910", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/42", "content": "\"13 Nagios Vulnerabilities, #7 will SHOCK you!\" by Samir Ghanem\n\nGaining access to Nagios XI server results in upstream compromise of management server, i.e. every other customer monitored. Exploitation facilitated with soygun tool.\n\nContents:\n \u2022 TL;DR\n \u2022 Why Nagios?\n \u2022 What is Nagios?\n \u2022 The Code\n \u2022 Challenge Accepted\n \u2022 What are we trying to achieve?\n \u2022 Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)\n \u2022 Step 2: Elevate privileges to \u2018root\u2019 on Nagios XI server (CVE-2020-28910)\n \u2022 Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)\n \u2022 Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)\n \u2022 Step 5: Elevate privileges from apache to root using the \u2018cmd_subsys.php\u2019 (CVE-2020-28902)\n \u2022 Step 6: Get list of \u201cfused\u201d XI servers and exploit them using Step 1 and 2\n \u2022 PoC or Attack Platform\n \u2022 SoyGun\n \u2022 Command & Control (C2)\n \u2022 SoyGun Implant\n \u2022 DeadDrop\n \u2022 Demo\n \u2022 Disclosure and Afterthoughts\n \u2022 Full Vulnerabilities List\n\nhttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "creation_timestamp": "2021-05-27T17:17:10.000000Z"} {"uuid": "fbf5df5e-e739-4869-8eaf-f5087e1f1af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28910", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/42", "content": "\"13 Nagios Vulnerabilities, #7 will SHOCK you!\" by Samir Ghanem\n\nGaining access to Nagios XI server results in upstream compromise of management server, i.e. every other customer monitored. Exploitation facilitated with soygun tool.\n\nContents:\n \u2022 TL;DR\n \u2022 Why Nagios?\n \u2022 What is Nagios?\n \u2022 The Code\n \u2022 Challenge Accepted\n \u2022 What are we trying to achieve?\n \u2022 Step 1: RCE on Nagios XI server from low privilege Nagios XI user (CVE-2020-28648)\n \u2022 Step 2: Elevate privileges to \u2018root\u2019 on Nagios XI server (CVE-2020-28910)\n \u2022 Step 3: Trigger XSS by tainting data returned to Nagios Fusion from XI (CVE-2020-28903)\n \u2022 Step 4: Authenticated remote code execution on Nagios Fusion (CVE-2020-28905)\n \u2022 Step 5: Elevate privileges from apache to root using the \u2018cmd_subsys.php\u2019 (CVE-2020-28902)\n \u2022 Step 6: Get list of \u201cfused\u201d XI servers and exploit them using Step 1 and 2\n \u2022 PoC or Attack Platform\n \u2022 SoyGun\n \u2022 Command & Control (C2)\n \u2022 SoyGun Implant\n \u2022 DeadDrop\n \u2022 Demo\n \u2022 Disclosure and Afterthoughts\n \u2022 Full Vulnerabilities List\n\nhttps://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/", "creation_timestamp": "2021-05-27T17:17:10.000000Z"} https://db.gcve.eu/sighting/fbf5df5e-e739-4869-8eaf-f5087e1f1af1/export Thu, 27 May 2021 17:17:10 +0000