Author: Egidio Romano

Country:

Reported research: 39

Advisories

Risk	Topic & Details
High	PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2017-02-06
High	IPS Community Suite 4.1.12.3 PHP Code Injection (CVE assigned) Remote \| 2016-07-09
Med.	Concrete5 5.7.3.1 Local File Inclusion Remote \| 2016-06-29
Med.	Concrete5 5.7.3.1 Cross Site Request Forgery Remote \| 2016-06-29
High	SugarCRM 6.5.18 SAML Authentication XML External Entity Remote \| 2016-06-24
Med.	SugarCRM 6.5.18 fopen() Command Injection / XSS / SSRF Remote \| 2016-06-24
Med.	SugarCRM 6.5.18 Missing Authorization Remote \| 2016-06-24
High	SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities Remote \| 2016-06-24
Low	CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability (CVE assigned) Remote \| 2016-01-20
Med.	ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability Remote \| 2015-11-05
Low	ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability (CVE assigned) Remote \| 2015-11-05
High	ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability (CVE assigned) Remote \| 2015-11-05
High	Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2015-11-05
Med.	Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability (CVE assigned) Remote \| 2015-09-15
High	Concrete5 5.7.3.1 sendmail Remote Code Execution Remote \| 2015-06-12
Low	Concrete5 5.7.3.1 Cross Site Scripting Remote \| 2015-06-12
Med.	Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability Remote \| 2015-06-12
High	OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-11-30
High	Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability Remote \| 2014-11-30
High	Open Web Analytics <= 1.5.6 (queue.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-11-30
High	Zikula Application Framework <= 1.3.6 Multiple PHP Object Injection Vulnerabilities (CVE assigned) Remote \| 2014-11-30
High	OpenPNE <= 3.8.9 (opSecurityUser.class.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-11-30
High	Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-11-29
Low	TestLink 1.9.12 Path Disclosure (CVE assigned) Remote \| 2014-10-24
High	TestLink 1.9.12 PHP Object Injection (CVE assigned) Remote \| 2014-10-24
High	X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-09-24
High	X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability (CVE assigned) Remote \| 2014-09-24
High	OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability (CVE assigned) Remote \| 2014-07-15
Med.	Dotclear <= 2.6.2 (categories.php) SQL Injection (CVE assigned) Remote \| 2014-05-22
High	openSIS 5.2 PHP Code Injection (CVE assigned) Remote \| 2013-12-08

Author: Egidio Romano

Reported research: 39

Advisories

High

PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2017-02-06

High

IPS Community Suite 4.1.12.3 PHP Code Injection (CVE assigned)

Remote | 2016-07-09

Med.

Remote | 2016-06-29

Med.

Remote | 2016-06-29

High

Remote | 2016-06-24

Med.

Remote | 2016-06-24

Med.

Remote | 2016-06-24

High

Remote | 2016-06-24

Low

CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability (CVE assigned)

Remote | 2016-01-20

Med.

Remote | 2015-11-05

Low

ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability (CVE assigned)

Remote | 2015-11-05

High

ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability (CVE assigned)

Remote | 2015-11-05

High

Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2015-11-05

Med.

Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability (CVE assigned)

Remote | 2015-09-15

High

Remote | 2015-06-12

Low

Remote | 2015-06-12

Med.

Remote | 2015-06-12

High

OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-11-30

High

Remote | 2014-11-30

High

Open Web Analytics <= 1.5.6 (queue.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-11-30

High

Zikula Application Framework <= 1.3.6 Multiple PHP Object Injection Vulnerabilities (CVE assigned)

Remote | 2014-11-30

High

OpenPNE <= 3.8.9 (opSecurityUser.class.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-11-30

High

Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-11-29

Low

TestLink 1.9.12 Path Disclosure (CVE assigned)

Remote | 2014-10-24

High

TestLink 1.9.12 PHP Object Injection (CVE assigned)

Remote | 2014-10-24

High

X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-09-24

High

X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability (CVE assigned)

Remote | 2014-09-24

High

OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability (CVE assigned)

Remote | 2014-07-15

Med.

Dotclear <= 2.6.2 (categories.php) SQL Injection (CVE assigned)

Remote | 2014-05-22

High

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)