SS-2015-016: XSS in install.php

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-016/...

CVE-2015-5063

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter to install.php...

CVE-2015-5063

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter to install.php...

Hive 2.0 RC2 XSS / Code Execution / SQL Injection

| Title : Hive v2.0 RC2 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : "Powered by DigitalHive" | Tested on: windows 8.1 Français V.Pro | Bug : Stop Script | Download : http:///www.digitalhive.com ======================================= Stop SCript working :...

PHPB2B某处漏洞直接查看mysql密码

简要描述： PHPB2B某处漏洞直接查看mysql密码 详细说明： PHPB2B某处漏洞直接查看mysql密码 官网下载的最新版 install/install.php 安装文件，查看下代码。 ?php / PHPB2B Copyright C 2007-2099, Ualink Inc. All Rights Reserved. The contents of this file are subject to the License; you may not use this file except in compliance with the License. @version...

CVE-2014-9574

CVE-2014-9574 affects FluxBB

FluxBB Native PHP File Inclusion Vulnerability

FluxBB is a PHP-based forum program. FluxBB suffers from a local PHP file inclusion vulnerability. A remote attacker can execute arbitrary "install.php" from a file in any directory using a directory traversal server e.g. ". /" sequence to execute an arbitrary "install.php"...

CVE-2014-9571

Cross-site scripting XSS vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter...

CVE-2014-9571

Cross-site scripting XSS vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter...

CVE-2014-9571

Cross-site scripting XSS vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter...

CVE-2014-9571

CVE-2014-9571 affects MantisBT versions in the 1.2.x line before 1.2.19 and 1.3.x before 1.3.0-beta.2. The vulnerability is an XSS in admin/install.php that allows remote attackers to inject arbitrary web script or HTML via the admin_username or admin_password parameters. Exploitation could occur...

Mao10CMS可直接重装

简要描述： rt 详细说明： 下载源码之后，搭建完该cms之后。发现install.php文件还在。 errorreporting0; header"Content-Type: text/html; charset=utf-8"; $siteurl = "http://".$SERVER"HTTPHOST".$SERVER'PHPSELF'; $siteurl = pregreplace"//a-z0-9+.php./is", "", $siteurl; if$POST'dbhost' && $POST'dbname' && $POST'dbuser' &&...

CVE-2014-9185

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the siteurl parameter...

CVE-2014-9185

Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the siteurl parameter...

HybridAuth <= 2.2.2 'install.php' RCE Vulnerability

HybridAuth is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HybridAuth install.php PHP Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HybridAuth install.php PHP Code Execution', 'Description' = %q This module exploits a PHP code execution vulnerability in HybridAuth...

HybridAuth install.php PHP Code Execution

This module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite th...

Open Web Analytics 1.5.7 Cross Site Scripting / Remote File Inclusion

Exploit Title : Open Web Analytics - v: 1.5.7 multiple vulnerability Author : Govind Singh aka NullPort Vendor : http://www.openwebanalytics.com/ Download Link : http://downloads.openwebanalytics.com/ Google Dork : "powered by Open Web Analytics" Date : 14/07/2014 Discovered at : IHT Lab 1ND14N...

ttCMS 2.2 / ttForum 1.1 install.php installdir Parameter Remote File Inclusion

No description provided by source...