Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

153 matches found

OSV
OSVadded 2024/05/19 7:15 p.m.13 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

7.5CVSS6.8AI score
Exploits0References2
NVD
NVDadded 2024/05/19 7:15 p.m.8 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

7.5CVSS6.5AI score0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/05/19 6:48 p.m.7 views

CVE-2024-36070

tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php. An update is also available for the 2022.11 series...

6.8AI score0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/05/19 12:0 a.m.2 views

PT-2024-26880 · Tine · Tine

Name of the Vulnerable Software and Affected Versions: tine versions prior to 2023.11.8 Description: The issue allows anonymous remote attackers to obtain sensitive authentication information via setup.php because of getRegistryData in Setup/Frontend/Json.php, when an LDAP backend is used...

7.5CVSS6.8AI score0.00272EPSS
Exploits0References8
CNNVD
CNNVDadded 2024/05/19 12:0 a.m.3 views

tine 安全漏洞

tine is a team collaboration software from tine, Inc. A security vulnerability exists in versions of tine prior to 2023.11.8, which stems from a vulnerability that allows remote attackers to obtain sensitive authentication information via setup.php...

7.5CVSS6.6AI score0.00272EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2024/02/27 3:0 p.m.17 views

CVE-2024-1921 osuuu LightPicture Setup.php unrestricted upload

A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...

5.8CVSS7.1AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2024/02/27 12:0 a.m.3 views

PT-2024-18423 · Unknown · Osuuu Lightpicture

Name of the Vulnerable Software and Affected Versions: osuuu LightPicture versions up to 1.2.2 Description: A critical issue was found in osuuu LightPicture, affecting an unknown function of the file /app/controller/Setup.php. This issue leads to unrestricted upload and can be exploited remotely...

9.8CVSS5.1AI score0.00122EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEVadded 2023/11/14 12:0 a.m.2 views

VulnCheck KEV: CVE-2018-11686

The Publish Service in FlexPaper later renamed FlowPaper 2.3.6 allows remote code execution via setup.php and changeconfig.php...

9.8CVSS7.8AI score0.92639EPSS
Exploits4References1
OSV
OSVadded 2023/08/11 2:15 p.m.1 views

CVE-2021-25857

An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...

7.2CVSS6.1AI score
Exploits0References1
Prion
Prionadded 2023/08/11 2:15 p.m.19 views

Code injection

An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the fonttype parameter to setup.php...

5.8CVSS7.2AI score0.00124EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2023/02/22 9:15 p.m.8 views

CVE-2023-22974

A Path Traversal in setup.php in OpenEMR 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server...

7.5CVSS7.4AI score
Exploits0References2
Prion
Prionadded 2023/02/22 9:15 p.m.12 views

Path traversal

A Path Traversal in setup.php in OpenEMR 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server...

5CVSS7.3AI score0.04471EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVEadded 2023/02/15 6:10 a.m.1 views

SUSE CVE-2007-5386

Cross-site scripting XSS vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string...

4.3CVSS6AI score0.11824EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2023/02/15 3:28 a.m.1 views

SUSE CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

3.7CVSS6.8AI score0.9261EPSS
Exploits1References5
NVD
NVDadded 2022/01/13 4:15 p.m.15 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS0.9261EPSS
Exploits1References5
AlpineLinux
AlpineLinuxadded 2022/01/13 4:15 p.m.120 views

CVE-2022-23134

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...

5.3CVSS3.7AI score0.9261EPSS
Exploits1
CNVD
CNVDadded 2021/06/25 12:0 a.m.13 views

phpwcms code injection vulnerability

phpwcms is an open source Web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. phpwcms suffers from a code injection vulnerability that can be exploited by attackers via /phpwcms/setup/setup.php...

9.8CVSS4.1AI score0.00592EPSS
Exploits1References1
NVD
NVDadded 2021/06/24 4:15 p.m.10 views

CVE-2020-21784

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...

9.8CVSS0.00592EPSS
Exploits1References2
Prion
Prionadded 2021/06/24 4:15 p.m.13 views

Code injection

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...

7.5CVSS9.6AI score0.00592EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2021/06/24 3:29 p.m.12 views

CVE-2020-21784

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...

9.7AI score0.00592EPSS
Exploits1References2
Rows per page
Query Builder