CVE-2007-5593

install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified...

tomsgb10-xss.txt

Software: Guestbook Title: Toms Gästebuch 1.00 Version: 1.0 Type: XSS Date: Sat Aug 11 21:52:08 CEST 2007 Vendor: Fitz Thomas Page: http://www.toms-seiten.at/ vulnerability: ---------------------------- http://example.com/form.php?action=show&homepage=XSS&mail=XSS&name=XSS...

Gstebuch Version 1.5 Remote Command Execution Vulnerability

Gastebuch Version 1.5 Remote Command Execution Vulnerability ----------------------------------------------------------------------- Script : Gastebuch Version Version : 1.5 Site : http://www.mapos-scripts.de/downloads.php?download=11 Founder : Rizgar Contact : [email protected] and...

CVE-2007-1073

CVE-2007-1073 involves a static code injection in mcRefer’s install.php. The bgcolor parameter is inserted into mcrconf.inc.php, enabling remote PHP code execution. The vulnerability affects install.php in mcRefer and can lead to complete compromise of affected systems. The available documents do...

CVE-2007-0875

SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database...

CVE-2007-0875

The vulnerability CVE-2007-0875 affects mcRefer’s install.php, where a SQL injection could allow remote execution of arbitrary SQL via unspecified vectors. A third party disputes that the file uses a SQL database. The connected sources do not provide a confirmed fix or affected versions; exploita...

PT-2007-2317 · Mcrefer · Mcrefer

Name of the Vulnerable Software and Affected Versions: mcRefer affected versions not specified Description: The issue concerns a SQL injection vulnerability in the install.php file of mcRefer, potentially allowing remote attackers to execute arbitrary SQL commands via unspecified vectors. However...

CVE-2007-0704

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

Remote file inclusion

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

CVE-2007-0704

PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation...

CVE-2007-0230

CS-Cart 1.3.3 contains a PHP remote file inclusion in install.php via the install_dir parameter, potentially allowing remote code execution. Several sources note that the vulnerability is disputed because install_dir is defined before use, and no specific exploit details are provided in the docum...

PT-2007-1711 · Cs Cart · Cs-Cart

Name of the Vulnerable Software and Affected Versions: CS-Cart version 1.3.3 Description: A remote file inclusion issue in the install.php file allows remote attackers to execute arbitrary PHP code via a URL in the install dir parameter. Recommendations: For CS-Cart version 1.3.3, as a temporary...

CVE-2006-4979

The CVE-2006-4979 entry concerns a Direct static code injection vulnerability in cfgphpquiz/install.php for Walter Beschmout PhpQuiz 1.2 and earlier. The underlying flaw lets remote attackers inject arbitrary PHP code into config.inc.php by submitting modified configuration settings, enabling pot...

CVE-2006-4865

Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors...

phpquiz.txt

phpQuiz sensitive file install.php without authentification + Files containing interesting info passwords for sql db By : sn0oPy Risk : verry high Site : http://phpquiz.com/ Dork : intitle:"phpQuiz" | " Développé par PhpQuiz v.1.0 " | "© PhpQuiz" | inurl:"PhpQuiz" exploit :...

phpQuiz 0.1.2 - SQL Injection / Code Execution

Title: PHPQuiz Download File phpquiz/imgquiz/ folder is by defaut writable so after uploading a simple phpshell w...

CVE-2006-4678

PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the NEAbsPath parameter in 1 install.php and 2 migrateNE2toNE3.php...

CVE-2006-2540

Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers...

CVE-2006-2540

The CVE-2006-2540 issue affects a Diesel PHP Job Site component (install.php) in which sensitive data (user credentials) is sent to an email address controlled by the product developers, causing a privacy leak. The published description identifies a leakage of credentials and other sensitive info...

VCardLITE-2.4.txt

=========================================================== Title: Vcard Lite Remote Vulnerabilitie Vulnerability discovery: Disruptor Date: 11/02/2006 Severity: Remote Users Can Execute Arbitrary Code. Affected version: . ------------------------------------------------------------- Fix 1-Remove...