
Files from EgiX

Email address: n0b0d13s at gmail.com
First Active: 2007-07-31
Last Active: 2024-05-15

Cacti 1.2.26 Remote Code Execution
Posted May 15, 2024
Authored by EgiX | Site karmainsecurity.com

Cacti versions 1.2.26 and below suffer from a remote code execution vulnerability in import.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-25641
SHA-256 | 86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937
Invision Community 4.7.16 Remote Code Execution
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-30162
SHA-256 | 79e57c6d95c397c23ce4c4203e72406e2900a93befed691fbc0ae540ed7a9cf4
Invision Community 4.7.15 SQL Injection
Posted Apr 8, 2024
Authored by EgiX | Site karmainsecurity.com

Invision Community versions 4.4.0 through 4.7.15 suffer from a remote SQL injection vulnerability in store.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2024-30163
SHA-256 | f3e99d07ab1ab0d469a1a39ceb456ac6dc86fdcbd9071ad8690ce38ecca5a7ff
XenForo 2.2.13 ArchiveImport.php Zip Slip
Posted Jan 31, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

tags | exploit, php
SHA-256 | 5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0d
PKP-WAL 3.4.0-3 Remote Code Execution
Posted Dec 15, 2023
Authored by EgiX | Site karmainsecurity.com

PKP Web Application Library (PKP-WAL) versions 3.4.0-3 and below, as used in Open Journal Systems (OJS), Open Monograph Press (OMP), and Open Preprint Systems (OPS) before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability.

tags | exploit, remote, web, code execution
advisories | CVE-2023-47271
SHA-256 | 894453dd71b738c757ad44c73e02be6e0af26e1e261f945b9dc8f20a9ebb348e
ISPConfig 3.2.11 PHP Code Injection
Posted Dec 8, 2023
Authored by EgiX | Site karmainsecurity.com

ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php.

tags | exploit, php
advisories | CVE-2023-46818
SHA-256 | d5776b6c39736c11bc5b6ee2bae4179fb341f58ff08665b96718f64ac8b63242
phpFox 4.8.13 PHP Object Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, remote, arbitrary, php
advisories | CVE-2023-46817
SHA-256 | ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03
SugarCRM 13.0.1 Shell Upload
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.

tags | exploit, remote, shell
SHA-256 | f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487
SugarCRM 13.0.1 Server-Side Template Injection
Posted Oct 27, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary PHP code.

tags | exploit, arbitrary, php
SHA-256 | 482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5
CrafterCMS 4.0.2 Cross Site Scripting
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-4136
SHA-256 | 4048cc73ca79593508defbbf3c0df5f379960818368d8961aa031904ca5e521e
SugarCRM 12.2.0 SQL Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2023-35811
SHA-256 | 7ac3dd76029909e92ecbb32df56339dca3e9412efcdf8b96b27046af6d4ffb09
SugarCRM 12.2.0 PHP Object Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2023-35810
SHA-256 | 32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c
SugarCRM 12.2.0 Bean Manipulation
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 suffer from a bean manipulation vulnerability that can allow for privilege escalation.

tags | exploit
advisories | CVE-2023-35809
SHA-256 | 1078818f691b65f6434800472b38689394026e833cc221fb0566161b653d1103
SugarCRM 12.2.0 Shell Upload
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a multiple-step remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-35808
SHA-256 | 6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

tags | exploit, php
advisories | CVE-2023-22851
SHA-256 | 1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07c
Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP object injection vulnerability in grid.php.

tags | exploit, php
advisories | CVE-2023-22580
SHA-256 | 2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

tags | exploit, php
advisories | CVE-2023-22853
SHA-256 | 78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2023-22852
SHA-256 | e6e385bd593b19e51fd23dc7a81743ae9a7caac91f486e077758222133af8248
Drupal H5P Module 2.0.0 Zip Slip Traversal
Posted Dec 5, 2022
Authored by EgiX | Site karmainsecurity.com

Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on Windows.

tags | exploit, file inclusion
systems | windows
SHA-256 | 29cd61d23f4b78dbb93cdc479cba570c70b094e72db31910170d0c3eb73d58f8
vBulletin 5.5.2 PHP Object Injection
Posted Nov 28, 2022
Authored by EgiX | Site karmainsecurity.com

vBulletin versions 5.5.2 and below suffer from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.

tags | exploit, arbitrary, php
SHA-256 | 642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15
Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
Posted Mar 30, 2022
Authored by EgiX | Site karmainsecurity.com

Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.

tags | exploit, vulnerability
advisories | CVE-2022-23793
SHA-256 | 3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911
ImpressCMS 1.4.2 SQL Injection / Remote Code Execution
Posted Mar 23, 2022
Authored by EgiX | Site karmainsecurity.com

Pre-authentication SQL injection to remote code execution exploit for ImpressCMS versions 1.4.2 and below. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries; as such, this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.

tags | exploit, remote, arbitrary, php, code execution, sql injection
advisories | CVE-2021-26598, CVE-2021-26599
SHA-256 | 576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355cc
ImpressCMS 1.4.2 SQL Injection
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-26599
SHA-256 | fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0
ImpressCMS 1.4.2 Incorrect Access Control
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.

tags | exploit
advisories | CVE-2021-26598
SHA-256 | 4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5f
ImpressCMS 1.4.2 Path Traversal
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.

tags | exploit, arbitrary
advisories | CVE-2021-26601
SHA-256 | 54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4

© 2022 Packet Storm. All rights reserved.
