exploit the possibilities
Showing 1 - 25 of 143 RSS Feed

Files from EgiX

Email addressn0b0d13s at gmail.com
First Active2007-07-31
Last Active2019-01-01
SugarCRM Web Logic Hooks Module Path Traversal
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
MD5 | 0a73c52a5465fdc38ae3bede2f424098
SugarCRM Web Logic Hooks Module PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, web, arbitrary, php
MD5 | bc08aaf51fef23154d37431b75e27168
SugarCRM addLabels PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
MD5 | a185f42ec61a0417ce4c9024f155944a
Oracle Application Express AnyChart Flash-Based Cross Site Scripting
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.

tags | exploit, xss
advisories | CVE-2018-2699
MD5 | 1878f1ac9c3a185afe84dab79f99b4fe
SugarCRM WorkFlow PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
MD5 | 695389da1dad0e4c2419d379b1d1e132
SugarCRM SaveDropDown PHP Code Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.

tags | exploit, arbitrary, php
MD5 | d7144a03e522ca3b40f5f45efbaea7dd
SugarCRM portal_get_related_notes SQL Injection
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.

tags | exploit, remote, sql injection
MD5 | 61b9e60763ce19a37159b100d11ccf2b
SugarCRM ConnectorsController Server-Side Request Forgery
Posted Jan 1, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.

tags | exploit
MD5 | e437e1ac25dea0512229ef9d9063a774
Mantis manage_proj_page PHP Code Execution
Posted May 9, 2018
Authored by EgiX, Lars Sorenson | Site metasploit.com

Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.

tags | exploit, remote, php, code execution
advisories | CVE-2008-4687
MD5 | 1357cfcb1f87c0ce0787fbc307d1bb01
Tuleap 9.6 Second-Order PHP Object Injection
Posted Dec 19, 2017
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.

tags | exploit, arbitrary, php
advisories | CVE-2017-7411
MD5 | bf85aad5adfa9342783213505d464d8c
Tuleap 9.6 Second-Order PHP Object Injection
Posted Oct 24, 2017
Authored by EgiX | Site karmainsecurity.com

Tuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.

tags | advisory, php
advisories | CVE-2017-7411
MD5 | 2a4b257f70f6f54a3226a84d41b3ca08
PEAR HTML_AJAX 0.5.7 PHP Object Injection
Posted Feb 6, 2017
Authored by EgiX | Site karmainsecurity.com

PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | d2e6428ee37fd292066c41b75c9463b4
Piwik 2.16.0 PHP Object Injection
Posted Nov 8, 2016
Authored by EgiX | Site karmainsecurity.com

Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.

tags | exploit, php
MD5 | bd3245f114f5d320f885b704e6a5d15e
Symantec Web Gateway 5.2.2 OS Command Injection
Posted Oct 6, 2016
Authored by EgiX | Site karmainsecurity.com

Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.

tags | exploit, web, php
advisories | CVE-2016-5313
MD5 | 38e30c2ae231c0c90aef4db50c02c12c
SugarCRM REST Unserialize PHP Code Execution
Posted Sep 8, 2016
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.

tags | exploit, arbitrary, php
MD5 | f9879bb95d16d3382f2534b9240c7d25
IPS Community Suite 4.1.12.3 PHP Code Injection
Posted Jul 7, 2016
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2016-6174
MD5 | 6818425f032118305ebc187f36a5a134
Concrete5 5.7.3.1 Local File Inclusion
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 7aad8a3d1adf10f05ea51ee8ca0e546d
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d058d3ec001d3a60cfa71271ebc40d36
Concrete5 5.7.3.1 Cross Site Request Forgery
Posted Jun 29, 2016
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
MD5 | a9b43ed5dadf22c5af4f6e27e76b6a2d
SugarCRM 6.5.23 SugarRestSerialize.php PHP Object Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | 75a86f0ba47e36424e523dde32a8cfb9
SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.

tags | exploit, xss
MD5 | d4aa80fa1772da234e2d9b4d7bd5e299
SugarCRM 6.5.18 PHP Code Injection
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.

tags | exploit, php, vulnerability
MD5 | 58722361e515edc078b6dc8a90758f93
SugarCRM 6.5.18 Missing Authorization
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.

tags | exploit
MD5 | 7b4962bd34be471d7a0aac23a8f25eaa
SugarCRM 6.5.18 SAML Authentication XML External Entity
Posted Jun 24, 2016
Authored by EgiX

SugarCRM versions 6.5.18 CE and below suffer from a SAML authentication XML external entity vulnerability.

tags | advisory, xxe
MD5 | c28483be9e51e708f3c48952da13852e
Magento 1.9.2.2 RSS Feed Information Disclosure
Posted Feb 25, 2016
Authored by EgiX

Magento versions 1.9.2.2 and below suffer from an information disclosure vulnerability in their RSS feed.

tags | exploit, info disclosure
advisories | CVE-2016-2212
MD5 | 72ef98d834f769976ae3af136b7e032f
Page 1 of 6
Back12345Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close