60 matches found
CVE-2021-27811
A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...
CVE-2020-23534
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
Server-side request forgery (SSRF)
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
CVE-2020-23534
CVE-2020-23534 is a server-side request forgery (SSRF) vulnerability affecting gopeak masterlab 2.1.5, exploitable via the 'source' parameter in Upgrade.php. The connected records confirm this specific vulnerable component and parameter; no additional exploit details, affected versions beyond 2.1...
ZenTaoPMS (Zendo) Arbitrary Code Execution Vulnerability
ZenTaoPMS (ZenTao) is home-made open source project management software. An arbitrary code execution vulnerability exists in ZenTaoPMS (Zendo). Because the upgrade.php file module in the ZenTaoPMS source code lacks permission verification, attackers who exploit this vulnerability can be...
CVE-2014-5345
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...
CVE-2014-5345
The CVE-2014-5345 entry concerns a Cross-Site Scripting (XSS) vulnerability in the Disqus Comment System WordPress plugin’s upgrade.php, exploitable via the step parameter in versions prior to 2.76. Affected software: Disqus Comment System plugin for WordPress (pre-2.76). Root cause: improper han...
Indexu 5.0/5.3 upgrade.php gateway Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
Link Bid Script 1.5 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. + Link Bid Script 1.5 Multiple Remote SQL Injection + Discovered By SirGod + wWw.MorTal-TeaM.OrG + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke + Remote SQL Injection - Note : For PoC 2 you need administrative rights. Po...
vBulletin install upgrade.php Privilege Escalation (CVE-2013-6129)
A privilege escalation vulnerability has been reported in vBulletin. A remote attacker may exploit this issue by sending a specially crafted POST message to the "install/upgrade.php" component of the server via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameter...
vBulletin remote admin injection exploit
!/usr/bin/perl Title: vBulletin remote admin injection exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Coded: 17 September 2013 Published: 24 October 2013 MorXploit Research http://www.MorXploit.com Vendor: vBulletin www.vbulletin.com Version: 4.1.x / 5.x.x Vulnerability: Remote admi...
vBulletin 4.1.x / 5.x.x Administrative User Injection
!/usr/bin/perl Title: vBulletin remote admin injection exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Coded: 17 September 2013 Published: 24 October 2013 MorXploit Research http://www.MorXploit.com Vendor: vBulletin www.vbulletin.com Version: 4.1.x / 5.x.x Vulnerability: Remote admi...
Design/Logic Flaw
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013...
CVE-2013-6129
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013...
CVE-2013-6129
CVE-2013-6129 affects vBulletin 4.1 and 5. The install/upgrade.php component allows remote attackers to create administrative accounts by submitting crafted POST fields (customerid, htmldata[password], htmldata[confirmpassword], htmldata[email]); this was exploited in the wild in October 2013. Co...
CVE-2012-2208
Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter...