exploit the possibilities
Showing 1 - 25 of 170 RSS Feed

Files from EgiX

Email addressn0b0d13s at gmail.com
First Active2007-07-31
Last Active2021-07-20
Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
MD5 | a1fb25a9ba4326669a0ede911fe27d02
IPS Community Suite 4.5.4.2 PHP Code Injection
Posted May 31, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.

tags | exploit, arbitrary, php
advisories | CVE-2021-32924
MD5 | 1b4fb4e5987be3d21bd6ca2f13378d32
ExpressionEngine 6.0.2 PHP Code Injection
Posted Mar 15, 2021
Authored by EgiX | Site karmainsecurity.com

ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2021-27230
MD5 | ef038368400297010e360e1916e2d2fe
docsify 4.11.6 Cross Site Scripting
Posted Feb 22, 2021
Authored by EgiX

docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.

tags | advisory, xss
advisories | CVE-2020-7680, CVE-2021-23342
MD5 | 4f1f48238c4e1aa6fdf3106d9952a98f
IPS Community Suite 4.5.4 SQL Injection
Posted Jan 6, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

tags | exploit, remote, sql injection
advisories | CVE-2021-3025
MD5 | dbfe43c17c45eb62df239a2a07b7e8db
qdPM 9.1 PHP Object Injection
Posted Dec 31, 2020
Authored by EgiX | Site karmainsecurity.com

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-26165
MD5 | 59a37dff15f2cdae915eeb5509b2b6a3
SugarCRM SQL Injection
Posted Aug 12, 2020
Authored by EgiX

SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2020-17373
MD5 | 1e905e5f22cd6342f9072a100d0f76d0
SugarCRM Cross Site Scripting
Posted Aug 12, 2020
Authored by EgiX

SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2020-17372
MD5 | 183b85c8b4288860f9bd1feb70ed8796
openSIS 7.4 Unauthenticated PHP Code Execution
Posted Jul 6, 2020
Authored by EgiX | Site metasploit.com

This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.

tags | exploit, arbitrary, local, php, vulnerability, sql injection, file inclusion
advisories | CVE-2020-13381, CVE-2020-13382, CVE-2020-13383
MD5 | 07a638401a07dae3fe0cc15b5a196965
openSIS 7.4 SQL Injection
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-13380, CVE-2020-13381
MD5 | a2debfb35200111f560b317b09d7483a
openSIS 7.4 Local File Inclusion
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-13383
MD5 | 34773fe08298e4f70971b2ca475bfba4
openSIS 7.4 Incorrect Access Control
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from an access bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-13382
MD5 | 4cebf3ba915295798f97385106aeba1b
SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
MD5 | e563a245d3450a08dc89409be7d351e6
SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
MD5 | 30243acc735a0a74cd60961a8b809988
SuiteCRM 7.11.11 Bean Manipulation
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

tags | exploit
advisories | CVE-2020-8802
MD5 | 5b37a8d65609f140a2d503b2ba0f5aea
SuiteCRM 7.11.11 Phar Deserialization
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-8801
MD5 | 40555272df9e2fe2b9399bbc7bb54c0a
SuiteCRM 7.11.11 Second-Order PHP Object Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-8800
MD5 | ea4d3494a5be75e5e45932ce2189d4c2
YouPHPTube 7.7 SQL Injection
Posted Dec 4, 2019
Authored by EgiX | Site karmainsecurity.com

YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2019-18662
MD5 | bda45fa0236ae4d5e784d5a3ac75112a
SugarCRM 9.0.1 Phar Deserialization
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
MD5 | 9b8f9b6b6a519339498cc83d2af280ce
SugarCRM 9.0.1 PHP Object Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple php object injection vulnerabilities.

tags | exploit, php, vulnerability
MD5 | 7b2fd6425395925d0bd77736e7cd43cc
SugarCRM 9.0.1 PHP Code Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
MD5 | 1138730283969f03621d804b3942381f
SugarCRM 9.0.1 Path Traversal
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple path traversal vulnerabilities.

tags | exploit, vulnerability
MD5 | 07e61544723cdaf57099f0133cbf81e8
SugarCRM 9.0.1 Broken Access Controls
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple broken access control vulnerabilities.

tags | exploit, vulnerability
MD5 | 1168050e8aead52cc4050329687aece7
SugarCRM 9.0.1 SQL Injection
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | d7d53f88e5bd5cf9486ffe6a36ff47b3
SugarCRM 9.0.1 Cross Site Scripting
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | a36ef60c0e8d40f91c64cce4c99d669a
Page 1 of 7
Back12345Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    2 Files
  • 19
    Sep 19th
    2 Files
  • 20
    Sep 20th
    14 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close