9 matches found
OpenImageIO Buffer Error Vulnerability
OpenImageIO is an open source image processing library with an easy-to-use interface and a large number of supported image formats. A buffer error vulnerability exists in OpenImageIO version v2.4.7.1, which stems from an out-of-bounds read vulnerability that can be exploited by an...
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
!/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller has 2 users + Host domaintest.fr is connected /...
VHCS 2.4.7.1 - vhcs2_daemon Remote Code Execution
VHCS 2.4.7.1 - vhcs2_daemon Remote Code Execution !/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller...
Session fixation
Session fixation vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...
CVE-2006-0683
Cross-site scripting XSS vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...
Design/Logic Flaw
adduser.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access...
CVE-2006-0683
Cross-site scripting XSS vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...
CVE-2006-0684
CVE-2006-0684 affects Virtual Hosting Control System (VHCS) and is triggered by the change_password.php flow in VHCS 2.4.7.1 and earlier, where the system does not verify the old password when a user changes their password. This behavioral flaw can allow remote attackers to gain unauthorized acce...
CVE-2006-0686
adduser.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access...