Showing 1 - 25 of 100

Files

XenForo 2.2.15 Remote Code Execution
Posted Jul 17, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.

tags | exploit, remote, code execution
advisories | CVE-2024-38458
SHA-256 | 141922e324fd21737d323eaed2f53c7bc972900273dfc3e19ea72c0648544233

Related Files

XenForo 2.2.15 Cross Site Request Forgery
Posted Jul 17, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.

tags | exploit, csrf
advisories | CVE-2024-38457
SHA-256 | a2e0e2c93fd20ac00f325a1d77c282bae74c903affae30dd55518d5333641874

XenForo 2.2.13 ArchiveImport.php Zip Slip
Posted Jan 31, 2024
Authored by EgiX | Site karmainsecurity.com

XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.

tags | exploit, php
SHA-256 | 5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0d

XenForo 2.2.13 Cross Site Scripting
Posted Jun 27, 2023
Authored by Furkan Karaarslan

XenForo version 2.2.13 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f5d2f804109cb0eeef8387c640405b6f7f8dc548ab7656e5c0750cbeed8641d3

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
Posted Mar 30, 2022
Authored by EgiX | Site karmainsecurity.com

Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.

tags | exploit, vulnerability
advisories | CVE-2022-23793
SHA-256 | 3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911

ImpressCMS 1.4.2 SQL Injection
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2021-26599
SHA-256 | fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0

ImpressCMS 1.4.2 Incorrect Access Control
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.

tags | exploit
advisories | CVE-2021-26598
SHA-256 | 4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5f

ImpressCMS 1.4.2 Path Traversal
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.

tags | exploit, arbitrary
advisories | CVE-2021-26601
SHA-256 | 54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4

ImpressCMS 1.4.2 Authentication Bypass
Posted Mar 22, 2022
Authored by EgiX | Site karmainsecurity.com

ImpressCMS versions 1.4.2 and below suffer from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2021-26600
SHA-256 | d8dfe7df740ddc2041569cf9735ee4180779ccae9c55e66d12ed7119dce09379

Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 version 8.5.5 suffers from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
SHA-256 | 4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8a

IPS Community Suite 4.5.4.2 PHP Code Injection
Posted May 31, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows arbitrary content to be passed to the IPS\_Theme::runProcessFunction() method, where it is used in a call to the PHP eval() function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.

tags | exploit, arbitrary, php
advisories | CVE-2021-32924
SHA-256 | 392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911a

ExpressionEngine 6.0.2 PHP Code Injection
Posted Mar 15, 2021
Authored by EgiX | Site karmainsecurity.com

ExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.

tags | exploit, php
advisories | CVE-2021-27230
SHA-256 | 194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3

docsify 4.11.6 Cross Site Scripting
Posted Feb 22, 2021
Authored by EgiX

docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.

tags | advisory, xss
advisories | CVE-2020-7680, CVE-2021-23342
SHA-256 | 660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057

IPS Community Suite 4.5.4 SQL Injection
Posted Jan 6, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.

tags | exploit, remote, sql injection
advisories | CVE-2021-3025
SHA-256 | 91f17358440b97a2cdf9126200c78d2bfdc16a8200647806ddf3ac379ef0d629

qdPM 9.1 PHP Object Injection
Posted Dec 31, 2020
Authored by EgiX | Site karmainsecurity.com

qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-26165
SHA-256 | b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45

XenForo 2.1.10 Patch 2 Cross Site Scripting
Posted Aug 17, 2020
Authored by Vincent666 ibn Winnie

XenForo version 2.1.0 Patch 2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dc51a83e717b75116c25528d1b3a8342dafcd2220bbfe77a7e2298e2a0ad11cf

openSIS 7.4 SQL Injection
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-13380, CVE-2020-13381
SHA-256 | 400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9

openSIS 7.4 Local File Inclusion
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
advisories | CVE-2020-13383
SHA-256 | e7161d7a2b2b5f3b74f9ce9373cde1c623bb264344142c67862680b20c2bfee5

openSIS 7.4 Incorrect Access Control
Posted Jun 30, 2020
Authored by EgiX | Site karmainsecurity.com

openSIS versions 7.4 and below suffer from an access bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-13382
SHA-256 | de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3af

SuiteCRM 7.11.10 SQL Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2020-8804
SHA-256 | 6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4

SuiteCRM 7.11.11 Broken Access Control / Local File Inclusion
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.

tags | exploit, local, file inclusion
advisories | CVE-2020-8803
SHA-256 | bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6

SuiteCRM 7.11.11 Bean Manipulation
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.

tags | exploit
advisories | CVE-2020-8802
SHA-256 | 2180571bb1e2260ae7306d067b16cfbedbc9933b8f3852afefaabda12b8e98f8

SuiteCRM 7.11.11 Phar Deserialization
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2020-8801
SHA-256 | 6635b4d98132797e97d5f7beb1446ac64f1d1b045f58dd11a4416288eebcbc03

SuiteCRM 7.11.11 Second-Order PHP Object Injection
Posted Feb 13, 2020
Authored by EgiX | Site karmainsecurity.com

SuiteCRM versions 7.11.11 and below suffer from a second-order PHP object injection vulnerability.

tags | exploit, php
advisories | CVE-2020-8800
SHA-256 | 0b39b583ac4c6a3f164f129018fb829ea101106ca187de455b16329ca19a3403

YouPHPTube 7.7 SQL Injection
Posted Dec 4, 2019
Authored by EgiX | Site karmainsecurity.com

YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.

tags | exploit, remote, php, sql injection
advisories | CVE-2019-18662
SHA-256 | 5d71aceec19133413eee8c6f4b44fc22997703a0b913eb7cb5f88539b50f03f1

SugarCRM 9.0.1 Phar Deserialization
Posted Oct 11, 2019
Authored by EgiX | Site karmainsecurity.com

SugarCRM versions 9.0.1 and below suffer from multiple phar deserialization vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 711e401e10751d14106c7d0d10801ee4abc8af0fdc7d9ced190af9f40bd8b2b6