153 matches found
CVE-2014-8365
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PATH_INFO to setup.php, related to the "PHP_SELF" variable...
CVE-2014-8365
CVE-2014-8365 affects the Xornic Contact Us component, with XSS weaknesses exploitable via the name or email fields of contact.php or by PATH_INFO to setup.php, related to the PHP_SELF variable. The connected documents confirm this vulnerability class but do not provide product version details, c...
@lex Poll 1.2 - 'setup.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28520/info @lex Poll is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php 2)
No description provided by source. ? / PHP Stat Administrative User Authentication Bypass POC Exploit Code by Nikyt0x - Soulblack Security Research Advisory: http://www.soulblack.com.ar/repo/papers/phpstatadvisory.txt Saludos: Soulblack Staff, Status-x, NeosecurityTeam, KingMetal, SWP,...
PhpMyAdmin Config File Code Injection
The vulnerability is located in scripts/setup.php, starting at line 1315:
    case 'save':
        $config = @fopen('./config/config.inc.php', 'w'); // open for writing
        if ($config === FALSE) {
            message('error', 'Could not open config file for writing! Bad permissions?');
            break;
        }
        $s = get_cfg_string($configuration); // $configuration = unserialize($_POST['configuration']);
        $r =...
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (perl)
No description provided by source. !/usr/bin/perl T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m EXPLOIT FOR - PHPStat Setup.PHP Authentication Bypass Vulnerability Exploit By : A l p h a P r o g r a m m e r Sirus-v E-Mail : [email protected] This Xpl Change Admin's Pass in...
Audins Audiens 3.3 setup.php PATH_INFO Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22728/info Audins Audiens is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficiently sanitize user-supplied input...
phpStat <= 1.5 (setup.php) Authentication Bypass Exploit (php)
No description provided by source. <?php error_reporting(E_PARSE); /* ================================================================ PHP Stat Administrative User Authentication Bypass POC Exploit ================================================================ ====Trap-Set Underground Hacking...
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter...
CVE-2011-5160
Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter...
phpmyadmin 3.4.6 setup.php cross-site scripting vulnerability
No description provided by source...
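phpMyAdmin Setup interface cross-site scripting vulnerability
Bugtraq ID: 50175 CVE ID: CVE-2011-4064 phpMyAdmin is a PHP-based MySQL administration program. Some input passed to setup.php is not filtered before being returned to the user. An attacker can construct a malicious link and lure a user into loading it, which causes malicious script to execute in the target user's browser and can expose the target user's sensitive information or allow the user's session to be hijacked. If the configuration directory exists and is writable, the XSS payload can be saved in that directory. phpMyAdmin 3.x Vendor solution: phpMyAdmin 3.4.6 has fixed this vulnerability; users are advised to download and use it: http://www.phpmyadmin.net/ !/usr/bin/env python coding:...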
HTB22922: XSS vulnerabilities in phpAlbum.net
Vulnerability ID: HTB22922 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpalbumnet.html Product: phpAlbum.net Vendor: Patrik Jakab (http://www.phpalbum.net/) Vulnerable Version: 0.4.1-14fix06 Vendor Notification: 31 March 2011 Vulnerability Type: XSS (Cross Site Scripting) Risk...
phpMyAdmin setup.php Verbose Server Name XSS (PMASA-2010-7)
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input to the 'verbose server name' field. A remote attacker could exploit this by tricking a user into executing arbitrary script code.
Cross site request forgery (csrf)
The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request...
Debian Security Advisory DSA 2034-1 (phpmyadmin)
The remote host is missing an update to phpmyadmin announced via advisory DSA 2034-1. OpenVAS Vulnerability Test $Id: deb20341.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2034-1 (phpmyadmin) Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
Debian DSA-2034-1 : phpmyadmin - several vulnerabilities
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2008-7251 phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, wi...
Debian DSA-1918-1 : phpmyadmin - several vulnerabilities
Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-3696 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web...
phpMyAdmin setup.php unserialize() Arbitrary PHP Code Execution (PMASA-2010-3)
The setup script included with the version of phpMyAdmin installed on the remote host does not properly sanitize user-supplied input before using it to generate a config file for the application. Submitting a specially crafted POST request can result in arbitrary PHP code injection. A remote...