273 matches found
CS Cart 1.3.3 - (install.php) Cross Site Scripting Vulnerability
No description provided by source. Exploit Title: CS CART 1.3.3 INSTALL.PHP XSS Date: 2010-09-08 Author: LogicGate Software Link: http://cs-cart.smartcode.com/ Version: 1.3.3 Tested on: N/A CVE : N/A If install.php was not removed after installation simply make an html file with the following cod...
PHP-Agenda <= 2.2.5 - Remote File Overwriting Vulnerabilities
No description provided by source. Salvatore drosophila Fresta + Application: PHP-agenda + Version: = 2.2.5 + Website: http://php-agenda.sourceforge.net + Bugs: A Remote File Overwriting + Exploitation: Remote + Date: 10 Apr 2009 + Discovered by: Salvatore drosophila Fresta + Author: Salvatore...
Moodle <= 1.8.3 'install.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27259/info Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
No description provided by source. Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful features to publish a...
McNews 1.x Install.PHP Arbitrary File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 import re from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class McNewsRemoteFileIncludePOCBase: vulID = '78899' version = '1' vulDate = '2005-03-17' author = ' '...
bonfire 0.7 /install.php Information Disclosure Vulnerability
No description provided by source...
PhpSiteManager 1.1.1 Cross Site Scripting
Exploit Title: PhpSiteManager 1.1.1 Cross site scripting Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://sourceforge.net/projects/bakari Download : http://filewatcher.com/m/phpSMv1.1.2.tgz.338496-0.html Version : 1.1.1 Tested on: Windows Category: webapps Google Dork: intext:"Powered ...
WebTester 5.x - Multiple Vulnerabilities
WebTester 5.x Multiple Vulnerabilities...
WebTester 5.x Multiple Vulnerabilities
WebTester 5.x suffers from multiple vulnerabilities: SQL Injection, Arbitrary File Upload, PHPInfo Disclosure and a Leftover install.php File. WebTester 5.x Multiple Vulnerabilities...
WebTester 5.x - Multiple Vulnerabilities
WebTester 5.x - Multiple Vulnerabilities. WebTester 5.x Multiple Vulnerabilities...
WebTester 5.x SQL Injection / File Upload / Disclosure
WebTester 5.x Multiple Vulnerabilities...
FluxBB PHP Local File Inclusion Vulnerability
Brief description: An obvious local file inclusion. Details: File: install.php // If we've been passed a default language, use it $installlang = isset$REQUEST'installlang' ? puntrim$REQUEST'installlang' : 'English'; // If such a language pack doesn't exist, or isn't up-to-date enough to translate this page, default to English if...
GLPI install.php Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'GLPI install.php Remote Command...
b2bbuilder 6.6 /install/install.php Safe Mode Bypass
No description provided by source...
230CMS Remote Code Execution Exploit
Exploit for php platform in category web applications '; $defaulttime = isset$POST'defaulttime' ? $POST'defaulttime' : 'UTC'; $dbhost = isset$POST'dbhost' ? $POST'dbhost' : 'localhost'; $dbname = isset$POST'dbname' ? $POST'dbname' : ''; $dbuser = isset$POST'dbuser' ? $POST'db...
Piwigo install.php dl Parameter Traversal Arbitrary File Access
The version of Piwigo hosted on the remote web server is affected by a directory traversal vulnerability because it fails to properly sanitize user-supplied input to the 'dl' parameter of the 'install.php' script. This vulnerability could allow an unauthenticated, remote attacker to read and dele...
Piwigo Cross Site Request Forgery and Path Traversal Vulnerabilities
Piwigo is prone to cross-site request forgery (CSRF) and path traversal vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : piwigo -- CSRF/Path Traversal (edd201a5-8fc3-11e2-b131-000c299b62e1)
High-Tech Bridge Security Research Lab reports : The CSRF vulnerability exists due to insufficient verification of the HTTP request origin in '/admin.php' script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create arbitrary PHP file on the remote...
CVE-2013-1469
Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter...