XiphosResearch/exploits

XiphosResearch/exploits

www.xiphosresearch.com

Releases0

Stars1.57K

Miscellaneous exploit code

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2015-5947 ↗	Sep 6, 2017Wednesday, 6 September 2017, 21:29	8.1 HIGH	6.8 MEDIUM
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code.
CVE-2015-5948 ↗	Sep 6, 2017Wednesday, 6 September 2017, 21:29	—	9.3 HIGH
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947.
CVE-2016-9836 ↗	Dec 5, 2016Monday, 5 December 2016, 17:59	—	7.5 HIGH
The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! CMS before 3.6.5 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to upload and execute files with the `.php6`, `.php7`, `.phtml`, and `.phpt` extensions. Additionally, JHelperMedia::canUpload() did not blacklist these file extensions as uploadable file types.