Author : egix
Page 1 of 129 exploits
 |
Title | Author | Platform | Source | Description | Date |
|---|---|---|---|---|---|---|
|
Joomla! <= 3.0.3 (remember.php) - PHP Object Injection Vulnerability | EgiX | php | exploit-db.com | ------------------------------------------------------------------ Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability ------------------------------------------------------------------ [-] Software Link: http://www.joomla.org/ [-] Affected Versions: Version 3.0.3 an | April 29 |
|
|
Joomla! 3.0.3 PHP Object Injection | EgiX | na | packetstormsecurity.org | Joomla! versions 3.0.3 and below suffer from a PHP object injection vulnerability in remember.php. | April 29 |
|
|
Joomla! 3.0.2 PHP Object Injection | EgiX | na | packetstormsecurity.org | Joomla! versions 3.0.2 and below suffer from a PHP object injection vulnerability in highlight.php. | February 27 |
|
|
CubeCart 5.2.0 PHP Object Injection | EgiX | na | packetstormsecurity.org | CubeCart versions 5.0.0 through 5.2.0 suffer from a PHP object injection vulnerability in cubecart.class.php. | February 6 |
|
|
DataLife Engine preview.php PHP Code Injection | EgiX | na | juan vazquez | This Metasploit module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when the template in use contains a [catlist] or [not-catlist] tag. | February 1 |
|
|
Invision IP.Board 3.3.4 unserialize() PHP Code Execution | EgiX | na | sinn3r | This Metasploit module exploits a php unserialize() vulnerability in Invision IP.Board versions 3.3.4 and below which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the '/admin/sources/base/core.php' script, which is called with user controlled data from the cookie. The exploit abuses the __destruct() method from the dbMain class to write arbitrary PHP code to a file on the Invision IP.Board web directory. The exploit has been tested successfully on Invision IP.Board 3.3.4. | November 13 |
|
|
Invision Power Board 3.3.4 Code Execution | EgiX | na | packetstormsecurity.org | Invision Power Board versions 3.3.4 and below unserialize() PHP code execution exploit. | November 1 |
|
|
Tiki Wiki <= 8.3 unserialize() PHP Code Execution | EgiX | na | juan vazquez | This Metasploit module exploits a php unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code under the context of the webserver user. The dangerous unserialize() exists in the 'tiki-print_multi_pages.php' script, which is called with user controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method from the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file on the Tiki Wiki web directory. In order to run successfully three conditions must be satisfied (1) display_errors php setting must be On to disclose the filesystem path of Tiki Wiki, (2) The Tiki Wiki Multiprint feature must be enabled to exploit the unserialize() and (3) a php version older than 5.3.4 must be used to allow poison null bytes in filesystem related functions. The exploit has been tested successfully on Ubuntu 9.10 and Tiki Wiki 8.3. | July 6 |
|
|
Tiki Wiki CMS Groupware <= 8.3 "unserialize()" PHP Code Execution | EgiX | php | exploit-db.com | July 4 | |
|
|
Tiki Wiki CMS Groupware 8.3 Code Execution | EgiX | na | packetstormsecurity.org | Tiki Wiki CMS Groupware versions 8.3 and below suffer from an unserialize() PHP code execution vulnerability. | July 4 |
|
|
SugarCRM CE 6.3.1 PHP Code Execution | EgiX | na | packetstormsecurity.org | SugarCRM CE versions 6.3.1 and below suffer from an unserialize() PHP code execution vulnerability. | June 25 |
|
|
SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution | EgiX | php | exploit-db.com | June 23, 2012 | |
|
|
WeBid converter.php Remote PHP Code Injection | EgiX | na | juan vazquez | This Metasploit module exploits a vulnerability found in WeBid version 1.0.2. By abusing the converter.php file, a malicious user can inject PHP code in the includes/currencies.php script without any authentication, which results in arbitrary code execution. | May 25, 2012 |
|
|
appRain CMF Arbitrary PHP File Upload Vulnerability | EgiX | na | sinn3r | This Metasploit module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution. | May 24, 2012 |
|
|
WikkaWiki 1.3.2 Spam Logging PHP Injection | EgiX | na | sinn3r | This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'. | May 11, 2012 |