88 matches found
X2Engine < 3.5.1 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is prior to version 3.5.1. It is, therefore, potentially affected by multiple vulnerabilities : - A PHP file inclusion vulnerability exists due to insufficient sanitization of the 'file' HTTP GET paramete...
X2Engine < 4.0 ProfileController.php Unrestricted File Upload Vulnerability
According to its version number, the X2Engine application installed on the remote web server is prior to version 4.0. It is, therefore, potentially affected by a file upload vulnerability in the '/protected/controllers/ProfileController.php' script. An attacker can exploit this issue to upload...
X2Engine < 3.7.4 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is prior to version 3.7.4. It is, therefore, potentially affected by multiple vulnerabilities : - Multiple SQL injection vulnerabilities exist in the 'lastEventId' and 'lastTimestamp' HTTP GET parameters ...
X2Engine Detection
Binary data x2enginedetect.nbin...
X2Engine < 4.2 Multiple Vulnerabilities
According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery (SSRF) attacks using specially crafted serializ...
[KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
------------------------------------------------------------------------- X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
[KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
-------------------------------------------------------------------------------- X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability -------------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected...
CVE-2014-5298
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...
CVE-2014-5297
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter...
Unrestricted file upload
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...
Server side request forgery (ssrf)
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter...
CVE-2014-5297
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter...
CVE-2014-5297
The CVE-2014-5297 entry affects X2Engine 2.8–4.1.7, specifically the actionSendErrorReport method in protected/controllers/SiteController.php. The vulnerability arises from taking user-supplied data in the POST parameter report, applying base64_decode followed by unserialize without proper saniti...
CVE-2014-5298
CVE-2014-5298 affects X2Engine
CVE-2014-5298
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated...
X2Engine CRM 4.2.1 Cross Site Scripting
Affected Vendor: http://www.x2engine.com/ Date: 24/09/2014 Discovered by: JoeV Type of vulnerability: XSS Tested on: Windows 7 Version : 4.2.1 Description: X2Engine CRM v 3.3.3 is susceptible to Cross Site Scripting attack. Proof of Concept PoC: --------------------------- POST...
X2Engine 4.1.7 Unrestricted File Upload
-------------------------------------------------------------------------------- X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability -------------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected...
X2Engine 4.1.7 PHP Object Injection / Unrestricted File Upload Vulnerabilities
X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist. ------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection...
X2Engine 4.1.7 PHP Object Injection
------------------------------------------------------------------------- X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...
X2Engine 3.7.3 Cross Site Scripting / Shell Upload / SQL Injection
============================================================== Title ...| Multiple vulnerabilities in X2Engine Version .| X2Engine 3.7.3 Date ....| .02.2014 Found ...| HauntIT Blog Home ....| ============================================================== + For admin logged in...