Juan Escobar

7 exploits Active since Nov 2014
CVE-2014-8598 METASPLOIT ruby WORKING POC
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
CVE-2014-7146 EXPLOITDB ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2014-7146 METASPLOIT ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2014-8998 METASPLOIT ruby WORKING POC
X7 Chat <2.0.5.1 - Authenticated RCE
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
CVE-2014-7146 EXPLOITDB ruby WORKING POC
MantisBT - Remote Code Execution via XmlImportExport Plugin Preg Replace
The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.
CVE-2014-8998 EXPLOITDB ruby WORKING POC
X7 Chat <2.0.5.1 - Authenticated RCE
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
CVE-2014-8598 EXPLOITDB ruby WORKING POC
MantisBT < 1.2.17 - Unauthenticated Arbitrary File Upload and Information Disclosure via XML Import/Export Plugin
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.