Showing 1 - 25 of 132

Files from EgiX

Email address: n0b0d13s at gmail.com
First Active: 2007-07-31
Last Active: 2017-02-06
PEAR HTML_AJAX 0.5.7 PHP Object Injection
Posted Feb 6, 2017
Authored by EgiX | Site karmainsecurity.com

PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | d2e6428ee37fd292066c41b75c9463b4
Piwik 2.16.0 PHP Object Injection
Posted Nov 8, 2016
Authored by EgiX | Site karmainsecurity.com

Piwik versions 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.

tags | exploit, php
MD5 | bd3245f114f5d320f885b704e6a5d15e
Symantec Web Gateway 5.2.2 OS Command Injection
Posted Oct 6, 2016
Authored by EgiX | Site karmainsecurity.com

Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.

tags | exploit, web, php
advisories | CVE-2016-5313
MD5 | 38e30c2ae231c0c90aef4db50c02c12c
SugarCRM REST Unserialize PHP Code Execution
Posted Sep 8, 2016
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.

tags | exploit, arbitrary, php
MD5 | f9879bb95d16d3382f2534b9240c7d25
IPS Community Suite 4.1.12.3 PHP Code Injection
Posted Jul 7, 2016
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2016-6174
MD5 | 6818425f032118305ebc187f36a5a134
Concrete5 5.7.3.1 Local File Inclusion
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7aad8a3d1adf10f05ea51ee8ca0e546d
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d058d3ec001d3a60cfa71271ebc40d36
Concrete5 5.7.3.1 Cross Site Request Forgery
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
MD5 | a9b43ed5dadf22c5af4f6e27e76b6a2d
SugarCRM 6.5.23 SugarRestSerialize.php PHP Object Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 75a86f0ba47e36424e523dde32a8cfb9
SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.

tags | exploit, xss
MD5 | d4aa80fa1772da234e2d9b4d7bd5e299
SugarCRM 6.5.18 PHP Code Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
MD5 | 58722361e515edc078b6dc8a90758f93
SugarCRM 6.5.18 Missing Authorization
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.

tags | exploit
MD5 | 7b4962bd34be471d7a0aac23a8f25eaa
SugarCRM 6.5.18 SAML Authentication XML External Entity
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.

tags | advisory
MD5 | c28483be9e51e708f3c48952da13852e
Magento 1.9.2.2 RSS Feed Information Disclosure
Posted Feb 25, 2016
Authored by EgiX

Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.

tags | exploit, info disclosure
advisories | CVE-2016-2212
MD5 | 72ef98d834f769976ae3af136b7e032f
CakePHP 3.2.0 CSRF Bypass
Posted Jan 17, 2016
Authored by EgiX

CakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.

tags | exploit, bypass, csrf
advisories | CVE-2015-8379
MD5 | 4194ead0bfff2ad25e670ee6ecb9f903
Piwik 2.14.3 PHP Object Injection
Posted Nov 4, 2015
Authored by EgiX

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.

tags | exploit, remote, php, code execution
advisories | CVE-2015-7816
MD5 | 7c5bbac17aa1381c3f80fba1d07afc93
Piwik 2.14.3 Local File Inclusion
Posted Nov 4, 2015
Authored by EgiX

Piwik versions 2.14.3 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-7815
MD5 | fe2bdc1b138804dcc2295fdf128146e8
ATutor 2.2 PHP Code Injection
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2015-7712
MD5 | ea74761d9613a5aaa681169d6022a427
ATutor 2.2 Cross Site Scripting
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7711
MD5 | 7a796af56f53c00102bcd30e7e37145a
ATutor 2.2 Session Variable Overloading
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.

tags | advisory
advisories | CVE-2014-9753
MD5 | 74806f78aee2c484d9ec08f4e2360333
ATutor 2.2 File Upload
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2014-9752
MD5 | 07499b6750c1e85829c0817d87da1937
Magento 1.9.2 File Inclusion
Posted Sep 14, 2015
Authored by EgiX

Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-6497
MD5 | 0d483734c211446d05ddbd10b09fa487
Concrete5 5.7.4 SQL Injection
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a86a67533b104a9a04ac54e69e6dbc4c
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 52fa2b017d1038fdac8e8eb582abd41a
Concrete5 5.7.3.1 sendmail Remote Code Execution
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffer from a sendmail-related remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 39c25351d8a9a7d81649b89b2338e528