
21 matches found

Positive Technologies
added 2026/02/11 12:0 a.m. | 1 views

PT-2026-7684

Chevereto 3.13.4 Core contains a remote code execution vulnerability that allows attackers to inject malicious code during database configuration installation. Attackers can manipulate the database table prefix parameter to write a PHP shell file and execute arbitrary system commands through a...

CVSS 9.8 | AI score 6.8 | EPSS 0.00137
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-1438

Malware in sbrugna...

CVSS 2.6 | AI score 6.4 | EPSS 0.00225
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 3:2 a.m. | 6 views

CVE-2012-1413

Cross-site scripting XSS vulnerability in zcinstall/includes/modules/pages/databasesetup/headerphp.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the dbusername parameter to zcinstall/index.php...

CVSS 2.6 | AI score 5.9 | EPSS 0.00225
Exploits: 0 | References: 1

GithubExploit
added 2025/05/05 2:12 a.m. | 245 views

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

Exploit-CVE-2023-22518 CVE-2023-22518 in Confluence CVE-2023-22...

CVSS 10 | AI score 9.9 | EPSS 0.94375
Exploits: 14

Citrix
added 2024/07/13 12:0 a.m. | 4 views

Provisioning Services Database Unable to Configure

Provisioning Service database cannot be configured. When configuring the SQL server settings, the following error might appear in the Configuration Wizard log located in C:\ProgramData\Citrix\Provisioning Services\Log: 2013-07-29 14:44:37,864 1 INFO ConfigWizard - ConfigureServices: encrypt the...

AI score 7.8
Exploits: 0

VulnCheck KEV
added 2023/02/01 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.91225
Exploits: 4 | References: 1

Tenable Nessus
added 2020/06/22 12:0 a.m. | 33 views

Fedora 31 : roundcubemail (2020-2a1a6a8432)

RELEASE 1.4.6 - Installer: Fix regression in SMTP test section 7417 ---- RELEASE 1.4.5 - Fix bug in extracting required plugins from composer.json that led to spurious error in log 7364 - Fix so the database setup description is compatible with MySQL 8 7340 - Markasjunk: Fix regression in jsevent...

CVSS 9.8 | AI score 7.4 | EPSS 0.93275
Exploits: 3 | References: 4

Kitploit
added 2019/09/25 12:0 p.m. | 178 views

Firmware Analysis Toolkit - Toolkit To Emulate Firmware And Analyse It For Security Vulnerabilities

FAT is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. This is built in order to use for the "Offensive IoT Exploitation " training conducted by Attify. Download AttifyOS Note: As of now, it is simply a script to...

AI score 7.3
Exploits: 0 | References: 7

Kitploit
added 2019/08/31 9:30 p.m. | 355 views

B-XSSRF - Toolkit To Detect And Keep Track On Blind XSS, XXE And SSRF

Toolkit to detect and keep track on Blind XSS, XXE & SSRF. SETUP Upload the files to your server. Create a Database and upload database.sql file to it. Change the DB Credentials in db.php file. Ready. USAGE BLIND XSS BLIND XXE %ext; SSRF GET /testssrf.php=http://mysite.com/bxssrf/request.php...

AI score 6.5
Exploits: 0 | References: 1

OSV
added 2018/09/19 4:29 p.m. | 1 views

CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

CVSS 9.8 | AI score 6 | EPSS 0.91225
Exploits: 4 | References: 2

WPVulnDB
added 2018/09/05 12:0 a.m. | 13 views

Duplicator <= 1.2.40 - Unauthenticated Arbitrary Code Execution

If installer files, installer.php and installer-backup.php, are not removed by the administrators, a code injection during the database setup step allows to execute arbitrary code on the server. PoC actionajax=3step=3=nowhere=test=test=test'; fileputcontents"test.php", ' '; /=12345&...

AI score 6.3
Exploits: 0 | References: 2 | Affected Software: 1

Kitploit
added 2018/02/28 9:21 p.m. | 21 views

Prithvi - A Report Generation Tool For Security Assessment

A Report Generation Tool for Security Assessment Usage This project of ours could be used for report generation and it's very easy to use. It includes following features 1. We can add Owasp Types and recommendation with details. 2. We can add Multiple Projects and work on it separately. 3. We can...

AI score 7.3
Exploits: 0 | References: 1

Kitploit
added 2018/02/04 9:29 p.m. | 528 views

DVWA - Damn Vulnerable Web Application

Damn Vulnerable Web Application DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid...

AI score 9
Exploits: 0 | References: 4

Kitploit
added 2017/11/06 9:30 p.m. | 37 views

CrunchRAT - HTTPS-based Remote Administration Tool (RAT)

CrunchRAT currently supports the following features: File upload File download Command execution It is currently single-threaded only one task at a time, but multi-threading or multi-tasking is currently in the works. Additional features will be included at a later date. Server The server-side of...

AI score 7.5
Exploits: 0 | References: 1

Kitploit
added 2013/11/04 3:21 a.m. | 134 views

[FoxOne] Free OSINT Tool - Server Reconnaissance Scanner

FoxOne is a free OSINT tool, described by the author th3j35t3r as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner. Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel o...

AI score 9.8
Exploits: 0

OSV
added 2012/01/30 5:55 p.m. | 7 views

DEBIAN-CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...

CVSS 7.5 | AI score 7.5 | EPSS 0.05535
Exploits: 8 | References: 1

OSV
added 2012/01/30 5:55 p.m. | 1 views

UBUNTU-CVE-2011-4899

DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct...

CVSS 7.5 | AI score 6.4 | EPSS 0.05535
Exploits: 8 | References: 2

Packet Storm
added 2009/12/22 12:0 a.m. | 20 views

PHP Open Chat 3.0.2 Cross Site Scripting

PHPOPENCHAT 3.0.2 Xss AND/OR Full Path Disclosure 1.- Preview This web APP is Vulnerable to xss in its installation file but you can misconfigurate all the code with this bug also, you must see to understand... 2.- Vulnerable Code function databasesetup if isset$POST'formdata' $host = string...

Exploits: 0

exploitpack
added 2009/12/21 12:0 a.m. | 20 views

PHPOPENCHAT 3.0.2 - Cross-Site Scripting ANDOR FPD

PHPOPENCHAT 3.0.2 - Cross-Site Scripting ANDOR FPD The PoC: 1.- Preview This web APP is Vulnerable to xss in its installation file but you can misconfigurate all the code with this bug also, you must see to understand... 2.- Vulnerable Code function databasesetup if isset$POST'formdata' $host =...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2009/06/25 12:0 a.m. | 10 views

Fedora 11 : rt3-3.8.2-8.fc11 (2009-6899)

Fri Jun 19 2009 Ralf Corsepius - 3.8.2-8 - Address BZ 506885 BZ 506236. - Remove rt-3.4.1-I18N.diff. - Fri Apr 24 2009 Ralf Corsepius - 3.8.2-7 - README.fedora.in: Add --dba root to rt-setup-database BZ 488621. - R: perlXML::RSS BZ 496720. Note that Tenable Network Security has extracted the...

AI score 5.4
Exploits: 0 | References: 2