40 matches found
CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
Code injection
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...
PT-2024-10615
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.3.0. Description: The issue arises from the Duplicator WordPress plugin's installer script not properly escaping values when replacing them in WordPress configuration files. This could allow...
WordPress Plugin Duplicator Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
BeyondTrust Privilege Management Security Vulnerability
BeyondTrust Privilege Management is a privilege management tool for Windows and Mac SaaS from BeyondTrust USA. A security vulnerability exists in BeyondTrust Privilege Management Mac versions prior to 5.7, which originates from an authenticated, unprivileged user being able to eleva...
Design/Logic Flaw
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An...
CVE-2023-20274
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An...
CVE-2023-20274
CVE-2023-20274 affects Cisco AppDynamics PHP Agent. The issue arises from insufficient permissions set by the PHP Agent Installer on the install directory, enabling a locally authenticated attacker to modify installer-owned objects and execute with PHP privileges, potentially elevating to root on...
CVE-2023-20274
A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient permissions that are set by the PHP Agent Installer on the PHP Agent install directory. An...
K00958787: NGINX Controller vulnerability CVE-2020-5867
Security Advisory Description: The NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages (CVE-2020-5867). Impact: A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge any...
Duplicator < 1.4.7 - Unauthenticated Backup Download
The plugin discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. Find the URL of the actual installer scrip...
CVE-2020-7527
Incorrect Default Permission vulnerability exists in SoMove V2.8.1 and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched...
Default configuration
Incorrect Default Permission vulnerability exists in SoMove V2.8.1 and prior which could cause elevation of privilege and provide full access control to local system users to SoMove component and services when a SoMove installer script is launched...
Design/Logic Flaw
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2020-5867
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages...
CVE-2014-2302
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...
CuckooAutoInstall - Auto Installer Script for Cuckoo Sandbox
What is Cuckoo Sandbox? In three words, Cuckoo Sandbox is a malware analysis system. What does that mean? It simply means that you can throw any suspicious file at it and in a matter of seconds Cuckoo will provide you back some detailed results outlining what such file did when executed inside an...
webEdition CMS 2.8.0.0 Remote Command Execution
Advisory: Remote Command Execution in webEdition CMS Installer Script. RedTeam Pentesting discovered a remote command execution vulnerability in the installer script of the webEdition CMS during a penetration test. If the installer script is not manually removed after installation, attackers canno...
Drupal 7.x < 7.16 Multiple Vulnerabilities
The remote web server is running a version of Drupal that is 7.x prior to 7.16. It is, therefore, potentially affected by multiple vulnerabilities: - An arbitrary PHP code execution vulnerability exists due to an error in the 'installer.php' script. An attacker, under certain conditions, could u...