45 matches found

RedhatCVE
added 2026/05/16 7:56 a.m. · 6 views

CVE-2024-36334

Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution...

7 CVSS · 6 AI score · 0.00007 EPSS
Exploits 0 · References 1
Positive Technologies
added 2026/05/07 12:0 a.m. · 8 views

PT-2026-39181

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

7.3 CVSS · 6.5 AI score · 0.00007 EPSS
Exploits 0 · References 3
RedhatCVE
added 2026/03/26 3:1 p.m. · 4 views

CVE-2026-33681

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

7.2 CVSS · 6 AI score · 0.00113 EPSS
Exploits 1 · References 1
Github Security Blog
added 2026/03/25 7:51 p.m. · 3 views

AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name

Summary The objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or an attacker via CSRF to traverse outside the plugin directory and execute the...

7.2 CVSS · 6.3 AI score · 0.00113 EPSS
Exploits 1 · References 5 · Affected Software 1
ATTACKERKB
added 2026/03/23 6:39 p.m. · 6 views

CVE-2026-33681

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...

7.2 CVSS · 6 AI score · 0.00113 EPSS
Exploits 1 · References 3 · Affected Software 1
OSV
added 2026/02/27 11:16 p.m. · 3 views

CVE-2026-28516

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

8.8 CVSS · 6.1 AI score
Exploits 0 · References 7
CVE
added 2026/02/27 10:11 p.m. · 16 views

CVE-2026-28515

CVE-2026-28515 overview (openDCIM 23.04 and earlier commits 4467e9c4): The installer and upgrade/LDAP configuration endpoints (install.php and container-install.php) fail to enforce application role checks, allowing any authenticated user to modify configuration when REMOTE_USER is set or when cr...

9.3 CVSS · 5.9 AI score · 0.45088 EPSS
In wild · Exploits 3 · References 8 · Affected Software 1
Positive Technologies
added 2026/02/27 12:0 a.m. · 5 views

PT-2026-22426

Name of the Vulnerable Software and Affected Versions openDCIM versions through 23.04 commit 4467e9c4 Description The software contains a SQL injection issue in the Config::UpdateParameter function. The install.php and container-install.php handlers directly incorporate user-provided input into S...

9.3 CVSS · 6.1 AI score · 0.23836 EPSS
Exploits 3 · References 14
OPENSUSE Linux
added 2026/02/17 12:0 a.m. · 4 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0053-1 Rating: important References: 1258116 1258185 1258199 Cross-References: CVE-2026-2313 CVE-2026-2314 CVE-2026-2315 CVE-2026-2316 CVE-2026-2317 CVE-2026-2318 CVE-2026-2319 CVE-2026-2320 CVE-2026-2321...

8.8 CVSS · 5.9 AI score · 0.23127 EPSS
Exploits 12 · References 3
NVD
added 2026/01/08 12:15 a.m. · 2 views

CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

6.1 CVSS · 0.00049 EPSS
Exploits 2 · References 4
CVE
added 2026/01/07 11:11 p.m. · 4 views

CVE-2019-25277

FaceSentry Access Control System 6.4.8 is affected by a cross-site scripting vulnerability in the msg parameter of pluginInstall.php due to unvalidated input. The issue allows injection of arbitrary JavaScript in victim browsers, with potential credential theft and phishing. Affected component: F...

6.1 CVSS · 6.4 AI score · 0.00049 EPSS
Exploits 2 · References 4 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-18672

Malware in sbrugna...

9.8 CVSS · 9.4 AI score · 0.00264 EPSS
Exploits 1 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-0743

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.00832 EPSS
Exploits 0 · References 9
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2015-8443

Malware in sbrugna...

7.5 CVSS · 6.2 AI score · 0.00064 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/03 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15177

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before version 9.5.2, the install/install.php endpoint insecurely stores user input into the database as urlbase and urlbaseapi. These settings are...

8 CVSS · 7.4 AI score · 0.00305 EPSS
Exploits 0 · References 2
CNNVD
added 2025/07/07 12:0 a.m. · 2 views

BoyunCMS security vulnerability

BoyunCMS is an enterprise content management system from China Boyun Boyun Company. A security vulnerability exists in BoyunCMS 1.4.20 and earlier versions, which originates from improper handling of the parameter dbpass in the file /install/installok.php, which may lead to code injection...

9.8 CVSS · 6.6 AI score · 0.00327 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 3:1 a.m. · 3 views

CVE-2023-1682

A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to t...

7.5 CVSS · 6.9 AI score · 0.00291 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/21 7:13 p.m. · 4 views

CVE-2005-4025

Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user...

7.5 CVSS · 7.3 AI score · 0.00763 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/05/27 12:0 a.m. · 2 views

PT-2024-40446 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned Description: The issue allows extraction of pre-configured database or default admin account passwords by viewing the source of the page and inspecting the value property of the password fields when...

6.5 CVSS · 7.2 AI score
Exploits 0 · References 5
Positive Technologies
added 2024/02/20 12:0 a.m. · 2 views

PT-2024-15763 · Unknown · Oliver Pos

Name of the Vulnerable Software and Affected Versions: The Oliver POS versions up to, and including, 2.4.1.8 Description: The issue is related to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file. This allows authenticated attackers...

7.3 CVSS · 7.2 AI score · 0.00149 EPSS
Exploits 0 · References 5