47 matches found
CVE-2026-13529
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
EUVD-2026-40026
A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack...
CVE-2024-36334
Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...
PT-2026-39181
Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...
CVE-2026-33681
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...
AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name
Summary The objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or an attacker via CSRF to traverse outside the plugin directory and execute the...
CVE-2026-33681
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...
CVE-2026-28516
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...
CVE-2026-28515
CVE-2026-28515 overview (openDCIM 23.04 and earlier commits 4467e9c4): The installer and upgrade/LDAP configuration endpoints (install.php and container-install.php) fail to enforce application role checks, allowing any authenticated user to modify configuration when REMOTE_USER is set or when cr...
PT-2026-22426
Name of the Vulnerable Software and Affected Versions openDCIM versions through 23.04 commit 4467e9c4 Description The software contains a SQL injection issue in the Config::UpdateParameter function. The install.php and container-install.php handlers directly incorporate user-provided input into S...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0053-1 Rating: important References: 1258116 1258185 1258199 Cross-References: CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...
CVE-2019-25277
FaceSentry Access Control System 6.4.8 is affected by a cross-site scripting vulnerability in the msg parameter of pluginInstall.php due to unvalidated input. The issue allows injection of arbitrary JavaScript in victim browsers, with potential credential theft and phishing. Affected component: F...
EUVD-2015-8443
Malware in sbrugna...
EUVD-2019-0743
Malware in sbrugna...
EUVD-2020-18672
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-15177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are...
BoyunCMS 安全漏洞
BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter dbpass in the file /install/installok.php, which may lead to code injection...
CVE-2023-1682
A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2005-4025
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user...