
Files

Tuleap 7.6-4 PHP Object Injection
Posted Nov 28, 2014
Authored by EgiX

Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

tags | exploit, php
advisories | CVE-2014-8791
SHA-256 | 192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad

Related Files

CrafterCMS 4.0.2 Cross Site Scripting
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2023-4136
SHA-256 | 4048cc73ca79593508defbbf3c0df5f379960818368d8961aa031904ca5e521e

SugarCRM 12.2.0 SQL Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2023-35811
SHA-256 | 7ac3dd76029909e92ecbb32df56339dca3e9412efcdf8b96b27046af6d4ffb09

SugarCRM 12.2.0 PHP Object Injection
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2023-35810
SHA-256 | 32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c

SugarCRM 12.2.0 Bean Manipulation
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 suffer from a bean manipulation vulnerability that can allow for privilege escalation.

tags | exploit
advisories | CVE-2023-35809
SHA-256 | 1078818f691b65f6434800472b38689394026e833cc221fb0566161b653d1103

SugarCRM 12.2.0 Shell Upload
Posted Aug 23, 2023
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 12.2.0 and below suffer from a multi-step remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2023-35808
SHA-256 | 6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

tags | exploit, php
advisories | CVE-2023-22851
SHA-256 | 1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07c

Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP object injection vulnerability in grid.php.

tags | exploit, php
advisories | CVE-2023-22580
SHA-256 | 2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5

Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.

tags | exploit, php
advisories | CVE-2023-22853
SHA-256 | 78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390

Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery
Posted Jan 10, 2023
Authored by EgiX | Site karmainsecurity.com

Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2023-22852
SHA-256 | e6e385bd593b19e51fd23dc7a81743ae9a7caac91f486e077758222133af8248

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
Posted Mar 30, 2022
Authored by EgiX | Site karmainsecurity.com

Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.

tags | exploit, vulnerability
advisories | CVE-2022-23793
SHA-256 | 3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911

ImpressCMS 1.4.2 SQL Injection
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-26599
SHA-256 | fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0

ImpressCMS 1.4.2 Incorrect Access Control
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.

tags | exploit
advisories | CVE-2021-26598
SHA-256 | 4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5f

ImpressCMS 1.4.2 Path Traversal
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.

tags | exploit, arbitrary
advisories | CVE-2021-26601
SHA-256 | 54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4

ImpressCMS 1.4.2 Authentication Bypass
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2021-26600
SHA-256 | d8dfe7df740ddc2041569cf9735ee4180779ccae9c55e66d12ed7119dce09379

Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
SHA-256 | 4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8a

IPS Community Suite 4.5.4.2 PHP Code Injection
Posted May 31, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.

tags | exploit, arbitrary, php
advisories | CVE-2021-32924
SHA-256 | 392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911a

ExpressionEngine 6.0.2 PHP Code Injection
Posted Mar 15, 2021
Authored by EgiX | Site karmainsecurity.com

ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2021-27230
SHA-256 | 194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3

docsify 4.11.6 Cross Site Scripting
Posted Feb 22, 2021
Authored by EgiX

docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.

tags | advisory, xss
advisories | CVE-2020-7680, CVE-2021-23342
SHA-256 | 660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057

IPS Community Suite 4.5.4 SQL Injection
Posted Jan 6, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

tags | exploit, remote, sql injection
advisories | CVE-2021-3025
SHA-256 | 91f17358440b97a2cdf9126200c78d2bfdc16a8200647806ddf3ac379ef0d629

qdPM 9.1 PHP Object Injection
Posted Dec 31, 2020
Authored by EgiX | Site karmainsecurity.com

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-26165
SHA-256 | b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45

openSIS 7.4 SQL Injection
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-13380, CVE-2020-13381
SHA-256 | 400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9

openSIS 7.4 Local File Inclusion
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-13383
SHA-256 | e7161d7a2b2b5f3b74f9ce9373cde1c623bb264344142c67862680b20c2bfee5

openSIS 7.4 Incorrect Access Control
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from an access bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-13382
SHA-256 | de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3af

SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
SHA-256 | 6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4

SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
SHA-256 | bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6