ID: OSVDB:17135
Type: osvdb
Reporter: Zackarin Smitz (zackerius12@linuxmail.org)
Modified: 2005-06-06T08:53:15
Description
Vulnerability Description
Lpanel contains a flaw that may allow a remote denial of service. The issue is triggered when a logged-in user modifies the DNS settings for another domain managed by Lpanel. It could result in loss of availability for the domain.
Technical Description
By modifying the "editdomain" variable when accessing domains.php, a logged-in user can modify the settings of another domain managed by Lpanel.
Solution Description
Upgrade to version 1.597 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
{"enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-04-28T13:20:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-1932"]}, {"type": "osvdb", "idList": ["OSVDB:17133", "OSVDB:17134", "OSVDB:17136"]}], "modified": "2017-04-28T13:20:13", "rev": 2}, "vulnersScore": 5.6}, "bulletinFamily": "software", "affectedSoftware": [{"name": "lpanel", "operator": "eq", "version": "1.59"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:17135", "id": "OSVDB:17135", "title": "Lpanel viewreceipt.php Arbitrary Invoice Access", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "lastseen": "2017-04-28T13:20:13", "edition": 1, "reporter": "Zackarin Smitz(zackerius12@linuxmail.org)", "description": "## Vulnerability Description\nLpanel contains a flaw that may allow a remote denial of service. The issue is triggered when a logged in user modifies the DNS settings for another domain managed by Lpanel. It could result in loss of availability for the Domain.\n## Technical Description\nBy modifying the \"editdomain\" variable when accessing domains.php a logged in user can modify the settings of another domain managed by Lpanel.\n## Solution Description\nUpgrade to version 1.597 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nLpanel contains a flaw that may allow a remote denial of service. The issue is triggered when a logged in user modifies the DNS settings for another domain managed by Lpanel. 
It could result in loss of availability for the Domain.\n## References:\nVendor URL: http://www.lpanel.net/\nVendor Specific News/Changelog Entry: http://www.lpanel.net/changelog.php\n[Secunia Advisory ID:15589](https://secuniaresearch.flexerasoftware.com/advisories/15589/)\n[Related OSVDB ID: 17132](https://vulners.com/osvdb/OSVDB:17132)\n[Related OSVDB ID: 17134](https://vulners.com/osvdb/OSVDB:17134)\n[Related OSVDB ID: 17136](https://vulners.com/osvdb/OSVDB:17136)\n[Related OSVDB ID: 17133](https://vulners.com/osvdb/OSVDB:17133)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0030.html\n[CVE-2005-1932](https://vulners.com/cve/CVE-2005-1932)\n", "modified": "2005-06-06T08:53:15", "viewCount": 0, "published": "2005-06-06T08:53:15", "cvelist": ["CVE-2005-1932"], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:24:37", "description": "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.", "edition": 4, "cvss3": {}, "published": "2005-07-05T04:00:00", "title": "CVE-2005-1932", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1932"], "modified": "2008-09-05T20:50:00", "cpe": ["cpe:/a:lpanel:lpanel:1.594", "cpe:/a:lpanel:lpanel:1.59", "cpe:/a:lpanel:lpanel:1.596", "cpe:/a:lpanel:lpanel:1.593"], "id": "CVE-2005-1932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1932", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:lpanel:lpanel:1.59:*:*:*:*:*:*:*", "cpe:2.3:a:lpanel:lpanel:1.594:*:*:*:*:*:*:*", "cpe:2.3:a:lpanel:lpanel:1.593:*:*:*:*:*:*:*", "cpe:2.3:a:lpanel:lpanel:1.596:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1932"], "edition": 1, "description": "## Technical Description\nThis requires a valid user account on the Lpanel system.\n## 
Solution Description\nUpgrade to version 1.597 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.lpanel.net/\nVendor Specific News/Changelog Entry: http://www.lpanel.net/changelog.php\n[Secunia Advisory ID:15589](https://secuniaresearch.flexerasoftware.com/advisories/15589/)\n[Related OSVDB ID: 17135](https://vulners.com/osvdb/OSVDB:17135)\n[Related OSVDB ID: 17132](https://vulners.com/osvdb/OSVDB:17132)\n[Related OSVDB ID: 17136](https://vulners.com/osvdb/OSVDB:17136)\n[Related OSVDB ID: 17133](https://vulners.com/osvdb/OSVDB:17133)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0030.html\n[CVE-2005-1932](https://vulners.com/cve/CVE-2005-1932)\n", "modified": "2005-06-06T08:53:15", "published": "2005-06-06T08:53:15", "href": "https://vulners.com/osvdb/OSVDB:17134", "id": "OSVDB:17134", "title": "Lpanel domains.php Arbitrary Domain Modification", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1932"], "edition": 1, "description": "## Technical Description\nThis requires a valid user account on the Lpanel system.\n## Solution Description\nUpgrade to version 1.597 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.lpanel.net/\nVendor Specific News/Changelog Entry: http://www.lpanel.net/changelog.php\n[Secunia Advisory ID:15589](https://secuniaresearch.flexerasoftware.com/advisories/15589/)\n[Related OSVDB ID: 17135](https://vulners.com/osvdb/OSVDB:17135)\n[Related OSVDB ID: 17132](https://vulners.com/osvdb/OSVDB:17132)\n[Related OSVDB ID: 17134](https://vulners.com/osvdb/OSVDB:17134)\n[Related OSVDB ID: 17136](https://vulners.com/osvdb/OSVDB:17136)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0028.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0032.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0029.html\n[CVE-2005-1932](https://vulners.com/cve/CVE-2005-1932)\n", "modified": "2005-06-06T08:53:15", "published": "2005-06-06T08:53:15", "href": "https://vulners.com/osvdb/OSVDB:17133", "id": "OSVDB:17133", "title": "Lpanel view_ticket.php Arbitrary Ticket Manipulation", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-28T13:20:13", "bulletinFamily": "software", "cvelist": ["CVE-2005-1932"], "edition": 1, "description": "## Vulnerability Description\nlpanel contains a flaw that may allow a remote denial of service. The issue is triggered when a user uses diagnose.php to reset the DNS of an arbitrary domain managed by lpanel, and will result in loss of availability for the domain.\n## Solution Description\nUpgrade to version 1.597 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nlpanel contains a flaw that may allow a remote denial of service. 
The issue is triggered when a user uses diagnose.php to reset the DNS of an arbitrary domain managed by lpanel, and will result in loss of availability for the domain.\n## References:\nVendor URL: http://www.lpanel.net/\nVendor Specific News/Changelog Entry: http://www.lpanel.net/changelog.php\n[Secunia Advisory ID:15589](https://secuniaresearch.flexerasoftware.com/advisories/15589/)\n[Related OSVDB ID: 17135](https://vulners.com/osvdb/OSVDB:17135)\n[Related OSVDB ID: 17132](https://vulners.com/osvdb/OSVDB:17132)\n[Related OSVDB ID: 17134](https://vulners.com/osvdb/OSVDB:17134)\n[Related OSVDB ID: 17133](https://vulners.com/osvdb/OSVDB:17133)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0033.html\n[CVE-2005-1932](https://vulners.com/cve/CVE-2005-1932)\n", "modified": "2005-06-06T08:53:15", "published": "2005-06-06T08:53:15", "href": "https://vulners.com/osvdb/OSVDB:17136", "id": "OSVDB:17136", "title": "Lpanel diagnose.php Arbitrary Domain DNS Setting Reset DoS", "type": "osvdb", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}