CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

EUVD-2016-10278

Malware in sbrugna...

EUVD-2023-2393

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2012-0937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL databas...

GHSA-646R-8FCC-P82R Subrion CMS vulnerable to Cross-site Scripting

Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

Cross site scripting

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

October CMS Cross-Site Scripting Vulnerability

October CMS is an open source content management system CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS version v.3.4.16. An attacker can exploit this vulnerability to execute arbitrary web script by injecting a specially...

CVE-2023-43876

A Cross-Site Scripting XSS vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field...

Design/Logic Flaw

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

CVE-2018-14476

CVE-2018-14476 affects GeniXCMS 1.1.5 and is a cross-site scripting vulnerability exploitable via the installation step 1 parameters. The root cause is reflected in the documentation as XSS through the dbuser or dbhost fields submitted during step 1 of installation, allowing arbitrary web script ...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-05629)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. Attackers can use the dbHost or dbUser parameter to...

Server side request forgery (ssrf)

Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

CVE-2014-8749

Server-side request forgery SSRF vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

DEBIAN-CVE-2012-0937

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost...

UBUNTU-CVE-2012-0782

DISPUTED Multiple cross-site scripting XSS vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 dbhost, 2 dbname, or 3 uname parameter. NOTE: the vendor disputes the...

UBUNTU-CVE-2012-0937

DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via th...