EgiX

136 exploits Active since Feb 2005
CVE-2012-1153 EXPLOITDB ruby WORKING POC
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2011-4825 EXPLOITDB php WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2013-7387 EXPLOITDB ruby WORKING POC
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
CVE-2008-2742 EXPLOITDB php WORKING POC
Achievo 1.2.0-1.3.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via MCPUK File Editor
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
CVE-2017-7411 EXPLOITDB HIGH ruby WORKING POC
Tuleap < 9.6 - Remote Code Execution via User::getRecentElements() Unserialize
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVSS 8.8
CVE-2014-8791 EXPLOITDB ruby WORKING POC
Tuleap < 7.7 - Authenticated PHP Object Injection via Project Registration Data Parameter
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
CVE-2008-4687 EXPLOITDB ruby WORKING POC
Mantis < 1.1.4 - Authenticated Remote Code Execution via Sort Parameter
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
CVE-2012-5692 EXPLOITDB ruby WORKING POC
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2014-1691 EXPLOITDB ruby WORKING POC
Horde Application Framework < 5.1.1 - Remote Code Execution via Serialized Object in _formvars
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
CVE-2012-1495 EXPLOITDB CRITICAL ruby WORKING POC
WebCalendar < 1.2.5 - Remote Code Execution via form_single_user_login Parameter
install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter.
CVSS 9.8
CVE-2013-1349 EXPLOITDB ruby WORKING POC
openSIS 4.5-5.2 - Remote Code Execution via ajax.php modname Parameter
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.