15 matches found

NVD
added 2026/02/27 9:16 p.m., 2 views

CVE-2026-28355

Canarytokens help track activity and actions on a network. Versions prior to sha-7ff0e12 have a Self Cross-Site Scripting vulnerability in the "PWA" Canarytoken, whereby the Canarytoken's creator can attack themselves or someone they share the link with. The creator of a PWA Canarytoken can inser...

CVSS 5.3, EPSS 0.00023
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-13120

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.00366
Exploits: 1, References: 2
RedhatCVE
added 2025/09/21 7:24 p.m., 2 views

CVE-2022-4980

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

CVSS 9.3, AI score 7.1, EPSS 0.00757
Exploits: 0, References: 1
CVE
added 2025/09/19 6:55 p.m., 14 views

CVE-2022-4980

General Bytes CAS suffered an authentication bypass in the admin web interface affecting versions 20201208–20220531.38 (backport) and 20220725.22 (mainline). An unauthenticated attacker could hit the default/install/first-admin page to create a new admin account, gain privileges, and redirect fun...

CVSS 9.3, AI score 6.8, EPSS 0.00757
Exploits: 0, References: 6
Cvelist
added 2025/09/19 6:55 p.m., 8 views

CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page

General Bytes Crypto Application Server CAS beginning with version 20201208 prior to 20220531.38 backport and 20220725.22 mainline contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL used by the product's default-installation /...

CVSS 9.3, EPSS 0.00757
Exploits: 0, References: 6
CNVD
added 2024/11/22 12:0 a.m., 6 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2024-46255)

MyBB is a free and open source forum software, written in PHP, supporting MySQL, MariaDB, PostgreSQL and SQLite databases. A cross-site scripting vulnerability exists in MyBB. The vulnerability is related to the component installindex.php, which does not adequately clean up the websitename...

CVSS 5.4, AI score 6.6, EPSS 0.0101
Exploits: 1, References: 1
Veracode
added 2022/10/13 12:27 p.m., 19 views

Remote Code Execution

Dolibarr is vulnerable to remote code execution. By default, it is possible to add any administrator to the installation page, which enables the malicious user to inject and execute malicious code on the target system due to improper validations in the verifCond function in functions.lib.php...

CVSS 9.8, AI score 9.5, EPSS 0.51559
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2022/10/12 12:15 p.m., 2 views

UBUNTU-CVE-2022-40871

Dolibarr ERP & CRM =15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval...

CVSS 9.8, AI score 7.3, EPSS 0.51559
Exploits: 1, References: 3
CNNVD
added 2022/10/12 12:0 a.m., 1 views

Dolibarr ERP/CRM Code Injection Vulnerability

Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system from the French Dolibarr Foundation. The system can be used to manage products, inventory, invoices, orders, etc. An access control error vulnerability exists in Dolibarr ERP/CRM 15.0....

CVSS 9.8, AI score 7.1, EPSS 0.51559
Exploits: 1, References: 3
Huntr
added 2022/10/09 4:48 p.m., 8 views

POST Based Reflected Cross Site Scripting in installation page

Description The installation page in Elgg ≤ v4.3.3 is vulnerable to Cross-Site Scripting attack via 'dataroot' parameter. Steps to Reproduce 1. Freshly install the Elgg in your web-server and proceed to "Database Installation Page". 2. Enter the following payload in "Data Directory" field and fil...

AI score 5.9
Exploits: 0, References: 1
CNVD
added 2018/12/29 12:0 a.m., 2 views

DouCo DouPHP Information Disclosure Vulnerability

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A security vulnerability exists in DouCo DouPHP version 1.5 20181221. An attacker can exploit the vulnerability to obtain the full path in the error message 'Smarty error: unable to read resource' with...

CVSS 5.3, AI score 6.8, EPSS 0.00366
Exploits: 1, References: 1
OSV
added 2018/12/28 4:29 p.m., 2 views

CVE-2018-20566

An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in "Smarty error: unable to read resource" error messages for a crafted installation page...

CVSS 5.3, AI score 5.8, EPSS 0.00366
Exploits: 1, References: 1
CNVD
added 2018/12/25 12:0 a.m., 1 views

Xiuno BBS system is vulnerable to system reinstallation.

Xiuno BBS is an open source lightweight forum system. Xiuno BBS system suffers from a system reinstallation vulnerability. The vulnerability stems from the fact that the installation directory is not protected or filtered after the system is installed, and an attacker can reinstall the system...

AI score 7
Exploits: 0
ThreatPost
added 2012/01/25 12:57 p.m., 8 views

Multiple Bugs Haunt WordPress Setup

Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...

AI score 1
Exploits: 0, References: 2
0day.today
added 2010/01/10 12:0 a.m., 14 views

PHPCalendars Multi Vulnerability

Exploit for unknown platform in category web applications ================================ PHPCalendars Multi Vulnerability ================================ » Script: PHPCalendars » Language: PHP » Download: http://scripti.org/scriptcalendarstore-alisveris-scripti125621.html === Exploit And Do...

AI score 7.1
Exploits: 0