Showing 1 - 25 of 166

Files from EgiX

Email address	n0b0d13s at gmail.com
First Active	2007-07-31
Last Active	2021-01-06

IPS Community Suite 4.5.4 SQL Injection: Posted Jan 6, 2021; Authored by EgiX | Site karmainsecurity.com; IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.; tags | exploit, remote, sql injection; advisories | CVE-2021-3025; MD5 | dbfe43c17c45eb62df239a2a07b7e8db; Download | Favorite | View

qdPM 9.1 PHP Object Injection: Posted Dec 31, 2020; Authored by EgiX | Site karmainsecurity.com; qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.; tags | exploit, php; advisories | CVE-2020-26165; MD5 | 59a37dff15f2cdae915eeb5509b2b6a3; Download | Favorite | View

SugarCRM SQL Injection: Posted Aug 12, 2020; Authored by EgiX; SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2020-17373; MD5 | 1e905e5f22cd6342f9072a100d0f76d0; Download | Favorite | View

SugarCRM Cross Site Scripting: Posted Aug 12, 2020; Authored by EgiX; SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2020-17372; MD5 | 183b85c8b4288860f9bd1feb70ed8796; Download | Favorite | View

openSIS 7.4 Unauthenticated PHP Code Execution: Posted Jul 6, 2020; Authored by EgiX | Site metasploit.com; This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.; tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion; advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383; MD5 | 07a638401a07dae3fe0cc15b5a196965; Download | Favorite | View

openSIS 7.4 SQL Injection: Posted Jun 30, 2020; Authored by EgiX | Site karmainsecurity.com; openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; advisories | CVE-2020-13380, CVE-2020-13381; MD5 | a2debfb35200111f560b317b09d7483a; Download | Favorite | View

openSIS 7.4 Local File Inclusion: Posted Jun 30, 2020; Authored by EgiX | Site karmainsecurity.com; openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.; tags | exploit, local, file inclusion; advisories | CVE-2020-13383; MD5 | 34773fe08298e4f70971b2ca475bfba4; Download | Favorite | View

openSIS 7.4 Incorrect Access Control: Posted Jun 30, 2020; Authored by EgiX | Site karmainsecurity.com; openSIS versions 7.4 and below suffer from an access bypass vulnerability.; tags | exploit, bypass; advisories | CVE-2020-13382; MD5 | 4cebf3ba915295798f97385106aeba1b; Download | Favorite | View

SuiteCRM 7.11.10 SQL Injection: Posted Feb 13, 2020; Authored by EgiX | Site karmainsecurity.com; SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; advisories | CVE-2020-8804; MD5 | e563a245d3450a08dc89409be7d351e6; Download | Favorite | View

SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion: Posted Feb 13, 2020; Authored by EgiX | Site karmainsecurity.com; SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.; tags | exploit, local, file inclusion; advisories | CVE-2020-8803; MD5 | 30243acc735a0a74cd60961a8b809988; Download | Favorite | View

SuiteCRM 7.11.11 Bean Manipulation: Posted Feb 13, 2020; Authored by EgiX | Site karmainsecurity.com; SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.; tags | exploit; advisories | CVE-2020-8802; MD5 | 5b37a8d65609f140a2d503b2ba0f5aea; Download | Favorite | View

SuiteCRM 7.11.11 Phar Deserialization: Posted Feb 13, 2020; Authored by EgiX | Site karmainsecurity.com; SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.; tags | exploit, vulnerability; advisories | CVE-2020-8801; MD5 | 40555272df9e2fe2b9399bbc7bb54c0a; Download | Favorite | View

SuiteCRM 7.11.11 Second-Order PHP Object Injection: Posted Feb 13, 2020; Authored by EgiX | Site karmainsecurity.com; SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.; tags | exploit, php; advisories | CVE-2020-8800; MD5 | ea4d3494a5be75e5e45932ce2189d4c2; Download | Favorite | View

YouPHPTube 7.7 SQL Injection: Posted Dec 4, 2019; Authored by EgiX | Site karmainsecurity.com; YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.; tags | exploit, remote, php, sql injection; advisories | CVE-2019-18662; MD5 | bda45fa0236ae4d5e784d5a3ac75112a; Download | Favorite | View

SugarCRM 9.0.1 Phar Deserialization: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.; tags | exploit, vulnerability; MD5 | 9b8f9b6b6a519339498cc83d2af280ce; Download | Favorite | View

SugarCRM 9.0.1 PHP Object Injection: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities.; tags | exploit, php, vulnerability; MD5 | 7b2fd6425395925d0bd77736e7cd43cc; Download | Favorite | View

SugarCRM 9.0.1 PHP Code Injection: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple PHP code injection vulnerabilities.; tags | exploit, php, vulnerability; MD5 | 1138730283969f03621d804b3942381f; Download | Favorite | View

SugarCRM 9.0.1 Path Traversal: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities.; tags | exploit, vulnerability; MD5 | 07e61544723cdaf57099f0133cbf81e8; Download | Favorite | View

SugarCRM 9.0.1 Broken Access Controls: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple broken access control vulnerabilities.; tags | exploit, vulnerability; MD5 | 1168050e8aead52cc4050329687aece7; Download | Favorite | View

SugarCRM 9.0.1 SQL Injection: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; MD5 | d7d53f88e5bd5cf9486ffe6a36ff47b3; Download | Favorite | View

SugarCRM 9.0.1 Cross Site Scripting: Posted Oct 11, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; MD5 | a36ef60c0e8d40f91c64cce4c99d669a; Download | Favorite | View

vBulletin 5.5.4 Remote Code Execution: Posted Oct 7, 2019; Authored by EgiX | Site karmainsecurity.com; vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2019-17132; MD5 | 2bd3e76b0d1ad20fdb921832d6d49f29; Download | Favorite | View

vBulletin 5.5.4 SQL Injection: Posted Oct 7, 2019; Authored by EgiX | Site karmainsecurity.com; vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; advisories | CVE-2019-17271; MD5 | cd33cc4dfeb49e4f86dc27d6697a4e0a; Download | Favorite | View

SugarCRM Web Logic Hooks Module Path Traversal: Posted Jan 1, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.; tags | exploit, web, arbitrary, php; MD5 | 0a73c52a5465fdc38ae3bede2f424098; Download | Favorite | View

SugarCRM Web Logic Hooks Module PHP Code Injection: Posted Jan 1, 2019; Authored by EgiX | Site karmainsecurity.com; SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.; tags | exploit, web, arbitrary, php; MD5 | bc08aaf51fef23154d37431b75e27168; Download | Favorite | View

Page 1 of 7 Back 1 2 3 4 5 Next

Top Authors In Last 30 Days

Red Hat 53 files
Ubuntu 29 files
Gentoo 26 files
malvuln 26 files
Jeremy Brown 7 files
Aakash Madaan 6 files
SunCSR 6 files
Mesut Cetin 6 files
Kislay Kumar 5 files
Arnav Tripathy 5 files

File Archives

Systems

AIX (421)
Apple (1,760)
BSD (368)
Cisco (1,901)
Debian (5,945)
Fedora (1,688)
FreeBSD (1,241)
Gentoo (4,010)
HPUX (873)
iOS (280)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (39,200)
Mac OS X (672)
Mandriva (3,105)
NetBSD (255)
OpenBSD (472)
RedHat (9,543)
Slackware (941)
Solaris (1,597)
SUSE (1,444)
Ubuntu (7,062)
UNIX (8,822)
UnixWare (180)
Windows (5,721)
Other

Files from EgiX

File Archive:

January 2021

Top Authors In Last 30 Days

File Tags

File Archives

Systems