
Files from EgiX

Email address: n0b0d13s at gmail.com
First Active: 2007-07-31
Last Active: 2024-01-31

CakePHP 3.2.0 CSRF Bypass
Posted Jan 17, 2016
Authored by EgiX

CakePHP versions 3.2.0 and below suffer from a _method cross site request forgery protection bypass vulnerability.

tags | exploit, bypass, csrf
advisories | CVE-2015-8379
SHA-256 | 6e2e864c04d0c6c4360fa94fcb1ed1542e92335d6934e0804e1d0d0100ff489d
Piwik 2.14.3 PHP Object Injection
Posted Nov 4, 2015
Authored by EgiX

Piwik versions 2.14.3 and below suffer from a PHP object injection vulnerability that can lead to remote code execution.

tags | exploit, remote, php, code execution
advisories | CVE-2015-7816
SHA-256 | 84f13b541beeab5027a0a0d132f9bddd2aec51f57b18ea61539b18dec408924d
Piwik 2.14.3 Local File Inclusion
Posted Nov 4, 2015
Authored by EgiX

Piwik versions 2.14.3 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2015-7815
SHA-256 | eee59dc36374f91dced40b4ea48194596072b837658dfbeccc53d0849c0265bd
ATutor 2.2 PHP Code Injection
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote PHP code injection vulnerability.

tags | exploit, remote, php
advisories | CVE-2015-7712
SHA-256 | d68f51a39b755fe477331334371a85a9867f5564885f7740eefbf41a2c9a3341
ATutor 2.2 Cross Site Scripting
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7711
SHA-256 | 3f019a580730a65969fb1ee296eee1f664af50dc8c239571889044cbaa6c68b0
ATutor 2.2 Session Variable Overloading
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability.

tags | advisory
advisories | CVE-2014-9753
SHA-256 | fbaac07ae5c801f3305296ae4796cdbada7788e75ace0989665efa6ffddd79c9
ATutor 2.2 File Upload
Posted Nov 4, 2015
Authored by EgiX

ATutor versions 2.2 and below suffer from a remote unrestricted file upload vulnerability.

tags | exploit, remote, file upload
advisories | CVE-2014-9752
SHA-256 | bfe91d27b6015c2947337a14fd42a2923a402b9ed2d98972883b08ff15515b82
Magento 1.9.2 File Inclusion
Posted Sep 14, 2015
Authored by EgiX

Magento versions 1.9.2 and below suffer from an autoloaded file inclusion vulnerability.

tags | exploit, file inclusion
advisories | CVE-2015-6497
SHA-256 | fc7990f532774d8eb7b6c58646a4184c066856b3fb99521ec6baa6859a83e854
Concrete5 5.7.4 SQL Injection
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.4 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 09135e38d13882eebea77629d624025c3928967909de59178c537978dfc7e7ac
Concrete5 5.7.3.1 Cross Site Scripting
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 5a6ef1506e51dfe8f5c743d4ac107de78835ad514c929a0dbd4c1e19c02acdda
Concrete5 5.7.3.1 sendmail Remote Code Execution
Posted Jun 12, 2015
Authored by EgiX

Concrete5 versions 5.7.3.1 and below suffer from a sendmail-related remote code execution vulnerability.

tags | exploit, remote, code execution
SHA-256 | 2738129737c2ca9db8afcb24d75b7688377742b1d8ad9da2b2e8397c4bd6faed
Open Letters Remote PHP Code Injection
Posted Apr 22, 2015
Authored by EgiX, TUNISIAN CYBER

Open Letters remote PHP code injection exploit.

tags | exploit, remote, php
SHA-256 | 5b55b8dec7032e9a0c9a5a10c5e92faa1e847ea73b757f2e6b21d10d4274b5e0
Symantec Web Gateway 5 restore.php Command Injection
Posted Mar 3, 2015
Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function and gain control under the context of the HTTP service. For Symantec Web Gateway 5.1.1, any kind of user can exploit this vulnerability. However, for version 5.2.1, you must be an administrator.

tags | exploit, web
advisories | CVE-2014-7285
SHA-256 | 7810fcb69993934064a2c2e0dc2b58aaf5d7e3002088449a8499f31076eee919
Symantec Web Gateway 5.2.1 OS Command Injection
Posted Dec 31, 2014
Authored by EgiX

Symantec Web Gateway versions 5.2.1 and below suffer from a remote OS command injection vulnerability.

tags | exploit, remote, web
advisories | CVE-2014-7285
SHA-256 | 80e097e61c3144721b95a38213e7b0f3f782bac6d90fcd41c8baf29fdbab0249
GetSimple CMS 3.3.4 XML External Entity Injection
Posted Dec 31, 2014
Authored by EgiX

GetSimple CMS versions 3.1.1 through 3.3.4 suffer from an XML external entity injection vulnerability.

tags | exploit, xxe
advisories | CVE-2014-8790
SHA-256 | 08abfc94e71de2ed8b547ff31a3d88150accaa5198692c3c78a8a9486fd32308
Mantis Bug Tracker 1.2.17 PHP Code Injection
Posted Dec 31, 2014
Authored by EgiX

Mantis Bug Tracker versions 1.2.0 through 1.2.17 suffer from a PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2014-7146
SHA-256 | 5123adecd54a72a557dfcb5fa13fb9a040dc8f7303ed28a65d028c74cd29df24
Osclass 3.4.2 Local File Inclusion
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2014-8084
SHA-256 | 540c5a7d1919e55e0e1b5450e86af76917b39fa680c1edfea9aecdb3e4c5c065
Osclass 3.4.2 Shell Upload
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote shell upload vulnerability.

tags | exploit, remote, shell
advisories | CVE-2014-8085
SHA-256 | 825d51702a5b5cff864eca84c0ff288307cf0918b165529a013cccb1666471cd
Osclass 3.4.2 SQL Injection
Posted Dec 31, 2014
Authored by EgiX

Osclass versions 3.4.2 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2014-8083
SHA-256 | feb708538ef7cc58e421b2def7ebaeb3f6f71a708040f56f501d7b1cde85fc88
Tuleap PHP Unserialize Code Execution
Posted Dec 12, 2014
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. The dangerous unserialize() call exists in the 'src/www/project/register.php' file. The exploit abuses the destructor method from the Jabbex class in order to reach a call_user_func_array() call in the Jabbex class and call the fetchPostActions() method from the Transition_PostAction_FieldFactory class to execute PHP code through an eval() call. In order to work, the target must have the 'sys_create_project_in_one_step' option disabled.

tags | exploit, web, arbitrary, php
advisories | CVE-2014-8791
SHA-256 | 5a33756ac6f164ee2fb059946d33588c9b36b6022e2d724e212c9716e418d54e
Tuleap 7.6-4 PHP Object Injection
Posted Nov 28, 2014
Authored by EgiX

Tuleap versions 7.6-4 and below suffer from a PHP object injection vulnerability in register.php.

tags | exploit, php
advisories | CVE-2014-8791
SHA-256 | 192dd00027ad64789b52484759c17f92a935cf687f895373607d3b900d19a1ad
MantisBT XmlImportExport Plugin PHP Code Injection
Posted Nov 18, 2014
Authored by EgiX | Site metasploit.com

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists in plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes it to the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code on the remote machine.

tags | exploit, remote, arbitrary, php
advisories | CVE-2014-7146
SHA-256 | 48a52817bee791b7eaeae5d5e9a609d2d96fd14642c96da155fb1a16a00bf9c9
TestLink 1.9.12 Path Disclosure
Posted Oct 23, 2014
Authored by EgiX

TestLink versions 1.9.12 and below suffer from a path disclosure weakness.

tags | advisory
advisories | CVE-2014-8082
SHA-256 | d4e121ab0a2d7487bb19bb362e04c56ee75b63e8fc27574280cfee78584f1aad
TestLink 1.9.12 PHP Object Injection
Posted Oct 23, 2014
Authored by EgiX

TestLink versions 1.9.12 and below suffer from a PHP object injection vulnerability in execSetResults.php.

tags | advisory, php
advisories | CVE-2014-8081
SHA-256 | 84140ec47ef7b41446e409364cc8ec283f65b120fa742ffdf380813e2bf74c75
X2Engine 4.1.7 Unrestricted File Upload
Posted Sep 23, 2014
Authored by EgiX

X2Engine versions 4.1.7 and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist.

tags | exploit, file upload
advisories | CVE-2014-5298
SHA-256 | f7f0d377cb996b5e9e79057b4c8a18347d9ead55c06712219f6e0ee4196c0f23