273 matches found
CVE-2013-1469
CVE-2013-1469 affects Piwigo where install.php uses the dl parameter, allowing directory traversal to read and delete arbitrary files. The vulnerability is described as a directory traversal issue in Piwigo versions prior to 2.4.7. Connected advisories and scans corroborate that this is a file-ac...
Piwigo 2.4.6 - install.php Arbitrary File Read/Delete
Piwigo 2.4.6 install.php Remote Arbitrary File Read/Delete Vulnerability Vendor: Piwigo project Product web page: http://www.piwigo.org Affected version: 2.4.6 Summary: Piwigo is a photo gallery software for the web that comes with powerful...
Piwigo 2.4.6 (install.php) Remote Arbitrary File Read/Delete Vulnerability
Summary Piwigo is a photo gallery software for the web that comes with powerful features to publish and manage your collection of pictures. Description Input passed to the 'dl' parameter in 'install.php' script is not properly sanitised before being used to get the contents of a resource or delet...
CVE-2012-5304
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/dbconnect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...
Directory traversal
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the...
CVE-2012-4251
The CVE-2012-4251 entry corresponds to multiple XSS vulnerabilities in MySQLDumper 1.24.4. Reported affected vectors include index.php (page param), install.php (phase param), sql.php (tablename or dbid params), and restore.php (filename param) within learn/cubemail/. The connected sources confir...
MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
CS-Cart 1.3.3 - install.php Cross-Site Scripting
Exploit Title: CS CART 1.3.3 INSTALL.PHP XSS Date: 2010-09-08 Author: LogicGate Software Link: http://cs-cart.smartcode.com/ Version: 1.3.3 Tested on: N/A CVE : N/A If "install.php" was not removed after installation simply make an html file with t...
CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting
Exploit Title: CS CART 1.3.3 INSTALL.PHP XSS Date: 2010-09-08 Author: LogicGate Software Link: http://cs-cart.smartcode.com/ Version: 1.3.3 Tested on: N/A CVE : N/A If "install.php" was not removed after installation simply make an html file with the following code and replace by the PATH to...
MusicBox <= v3.3 (install.php) Change Password Vulnerability
Exploit for php platform in category web applications MusicBox <= v3.3 install.php Change Password Vulnerability Author : Mr.ThieF Software Link : www.musicboxv2.com Version :...
WHMCS v4.2.1 (install.php) file Vulnerabilities
Exploit for php platform in category web applications WHMCS v4.2.1 install.php file Vulnerabilities...
Wordpress (install.php) Any Version
Exploit for php platform in category web applications Wordpress install.php Any Version + : Author : ThE DarK + : e-Mail : email protected + : Sites : Arab-Hack.net , Sa-Hacker.Com , Gaza-Hack.net , error-y.com + : Software...
Authentication flaw
Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files...
CVE-2010-0380
install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows remote attackers to bypass intended access restrictions and modify application settings via a direct request. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation...
CVE-2010-0380
The CVE-2010-0380 entry concerns JCE-Tech PHP Calendars (install.php) where a direct request can bypass access restrictions and allow modification of application settings. The vulnerability hinges on administrators not following recommendations in the product installation documentation. The provi...
PHPCalendars - Multiple Vulnerabilities
» Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
PHPCalendars - Multiple Vulnerabilities
» Note :...
X7CHAT 1.3.6b - Arbitrary Add Admin
X7CHAT 1.3.6b - Arbitrary Add Admin + Author : d4rk-h4ck3r + Email : [email protected] + Site : www.vbspiders.com/vb + Team : Tunisian Security TeaM + Dork : powered by x7 chat 1.3.6b Exploit-DB Notes Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt: "After finishi...
PhotoDiary 1.3 Local File Inclusion
PhotoDiary 1.3 lng Local File Inclusion Vulnerability Discovered by cOndemned download: http://code.google.com/p/photodiary/ source of /admin/install.php lines 9 - 15: if (isset($_GET['lng'])) $LNG = $_GET['lng']; (1) else $LNG = "ITA"; include "../common/language".$LNG.".php"; (2) proof of concept:...
Traidnt Gallery - Arbitrary Add Admin