28 matches found
EUVD-2026-30984
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...
PT-2026-42016
Name of the Vulnerable Software and Affected Versions: CtrlPanel versions prior to 1.2.0. Description: The web-based installer at the endpoint "public/installer/index.php" allows unauthenticated Remote Code Execution (RCE), which is the ability to execute arbitrary commands on a remote machine. The...
CtrlPanel.gg operating system command injection vulnerability
CtrlPanel.gg is an open-source hosting service billing management tool developed by CtrlPanel.gg. Versions of CtrlPanel.gg 1.1.1 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Web installer performing the install.lock check...
CVE-2026-33038
CVE-2026-33038 affects WWBN AVideo. In versions 25.0 and earlier, unauthenticated access to the web installer at install/checkConfiguration.php allows full application takeover by letting an attacker supply their own database, admin credentials, and configuration values, executing full initializa...
CVE-2026-33038 AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
WWBN AVideo is an open source video platform. Versions 25.0 and below are vulnerable to unauthenticated application takeover through the install/checkConfiguration.php endpoint. install/checkConfiguration.php performs full application initialization: database setup, admin account creation, and...
GHSA-2F9H-23F7-8GCX AVideo affected by unauthenticated application takeover via exposed web installer on uninitialized deployments
Summary: The install/checkConfiguration.php endpoint performs full application initialization — database setup, admin account creation, and configuration file write — from unauthenticated POST input. The only guard is checking whether videos/configuration.php already exists. On uninitialized...
Microsoft DirectX End-User Runtime Web Installer security vulnerability
Microsoft DirectX End-User Runtime Web Installer is a component installation tool provided by the American company Microsoft. The version 9.29.1974.0 of Microsoft DirectX End-User Runtime Web Installer contains a security vulnerability. This vulnerability arises from the possibility for...
EUVD-2016-10278
Malware in sbrugna...
Siemens Web Installer
SUMMARY: The installers used to install several Siemens products are affected by a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected installer component. This vulnerability poses a risk only...
Epson Web Installer for Mac vulnerable to missing authentication for critical function
Overview: Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION contains a missing authentication for critical function vulnerability. Epson Web Installer for Mac provided by SEIKO EPSON CORPORATION is used to install drivers for SEIKO EPSON's products. It contains "helper tool" and...
PT-2025-54638
Name of the Vulnerable Software and Affected Versions: Epson printer and scanner firmware Web Installer; Epson printer driver installer. Description: The Epson Web Installer for printer and scanner firmware and the com.epson.InstallNavi.helper tool, included with the Epson printer driver installer,...
CVE-2024-56414
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 Windows before build 39169...
CVE-2024-56414
The CVE-2024-56414 entry describes a vulnerability in Acronis Cyber Protect 16 for Windows prior to build 39169, where the web installer integrity check uses a weak hash algorithm. Affected product/version: Acronis Cyber Protect 16 (Windows) before build 39169. Impact and exploit details are not ...
Acronis Cyber Protect security vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. Combining backup, anti-malware, network security, and endpoint management features such as vulnerability assessment, URL filtering, patch management, etc. A security vulnerabili...
PT-2025-3277 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 Windows versions prior to build 39169 Description: The web installer integrity check used a weak hash algorithm. This issue affects the Acronis Cyber Protect 16 Windows product. Recommendations: For Acronis Cyber...
SUSE CVE-2009-0737
Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer config/index.php in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Microsoft Windows DirectX security vulnerability
Microsoft Windows DirectX is the DirectX End-User Runtime Web Installer from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows DirectX. The following products and versions are affected: Windows 11 Version 22H2 for ARM64-based Systems, Windows 11 Version 22H2 for...
AUVESY Versiondog resource management error vulnerability
AUVESY Versiondog is an automated production data and change management software solution from AUVESY Germany. A resource management error vulnerability exists in AUVESY Versiondog, which could be exploited by an attacker to consume resources by generating a large number of installations, which...
CVE-2016-9472
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attack vectors to be possible is extremely narr...