239 matches found
Stack overflow
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall CSF before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service crash via a long string in an admin.list file...
CVE-2011-5033
ConfigServer Security & Firewall (CSF) contains a stack-based buffer overflow in CFS.c affecting CSF before 5.43 when run on a DirectAdmin server. Local users can crash the service by supplying a long string in the admin.list file, per CVE-2011-5033. The vulnerability details are supported by mul...
CVE-2011-5033
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall CSF before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service crash via a long string in an admin.list file...
CSF Firewall Buffer Overflow
Exploit for linux platform in category dos / poc Exploit Title: CSF Firewall Buffer overflow p0c DownLoaD : http://www.configserver.com/free/csf.tgz Date: 2011-12-09 Author: FoX HaCkEr site : www.sec4ever.com MaiL : email protected Tested on: CentOS3/4...
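DirectAdmin Hard Link Local Privilege Escalation Vulnerability
Bugtraq ID: 47690 DirectAdmin is a powerful online management system for virtual hosting. Some hard links are not checked correctly when a backup is created, so a local attacker can use a hard-link attack to manipulate certain files and escalate privileges. JBMC Software DirectAdmin 1.33.6 JBMC Software DirectAdmin 1.33.4 JBMC Software DirectAdmin 1.33.3 JBMC Software DirectAdmin 1.30.2 JBMC Software DirectAdmin 1.30.1 JBMC Software DirectAdmin 1.381 JBMC...
DirectAdmin 'mysql_backup' Folder Information Disclosure Vulnerability
Bugtraq ID: 47693 DirectAdmin is a powerful online management system for virtual hosting. DirectAdmin creates MySQL database backup files in the world-readable "mysqlbackups" folder, which can disclose the contents of the MySQL database backups. Successful exploitation requires that CustomBuild is used to update the MySQL database and that "mysqlbackup" is set to "yes". JBMC Software DirectAdmin 1.33.6 JBMC Software DirectAdmin 1.33.4 JBMC Software DirectAdmin 1.33.3 JBMC Software...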
DirectAdmin 0day-vulnerability warning-the black bar safety net
Generally LINUX is a virtual host, it is difficult to mention the right, it is difficult to rebound. MSF and PHP that vulnerability is the exception. It may not be. If there is a management platform DirectAdmin Then you can be successful The default login address http://ip:2222/ In LINUX under...
DirectAdmin 1.34.4 Cross Site Request Forgery
============================================================================= Title : Multi CSRF vulnerability in DirectAdmin 1.34.4 Date : 20-3-2010 Version : 1.34.4 Author : K053 K053.Dev0te3 AT gmail Tested on : Ubuntu Vendor : http://www.directadmin.com/ Download :...
Multi CSRF vulnerability in DirectAdmin (1.34.4)
Exploit for unknown platform in category web applications ================================================ Multi CSRF vulnerability in DirectAdmin 1.34.4 ================================================ ============================================================================= Title : Multi CS...
DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgeries
DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgeries ============================================================================= Title : Multi CSRF vulnerability in DirectAdmin 1.34.4 Date : 20-3-2010 Version : 1.34.4 Author : K053 K053.Dev0te3 AT gmail Tested on : Ubuntu Vendor : http://www.directadmin.com/ Download :...
DirectAdmin 1.34.4 - Multiple Cross-Site Request Forgeries
============================================================================= Title : Multi CSRF vulnerability in DirectAdmin 1.34.4 Date : 20-3-2010 Version : 1.34.4 Author : K053 K053.Dev0te3 AT gmail Tested on : Ubuntu Vendor : http://www.directadmin.com/ Download :...
DirectAdmin <= v1.35.1 XSS vuln.
DirectAdmin <= v1.35.1 XSS vuln. Vuln. discovered by : r0t Date: 15 March 2010 vendor:http://www.directadmin.com/ affected versions:v1.35.1 and other versions also can be affected. original advisory:http://pridels-team.blogspot.com/2010/03/directadmin-v1351-xss-vuln.html DirectAdmin contains a flaw...
DirectAdmin 1.33.6 - CMD_DB_VIEW Cross-Site Scripting
DirectAdmin 1.33.6 - CMD_DB_VIEW Cross-Site Scripting source: https://www.securityfocus.com/bid/38721/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary...
DirectAdmin 1.33.6 - 'CMD_DB_VIEW' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38721/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
DirectAdmin 1.33.6 Symlink Bypass
Subject: DirectAdmin ln /etc/shadow to make symbolic link to shadow file in any dir after that go to Create/Restore Backups in direct and make Domains Directory: Backs up the backup file will be in /home/test/backups go there then Extract tar.gz file after extract go to...
DirectAdmin <= 1.33.6 Symlink Permission Bypass
No description provided by source. Subject: DirectAdmin <= 1.33.6 Symlink Permission Bypass Date: 5/1/21010 Author: alnjm33 Tested on: 1.33.6 -- 1.33.1 and i think it's work in all versions Home:sec-war.com...
DirectAdmin <= 1.33.6 Symlink Permission Bypass
Exploit for unknown platform in category local exploits =============================================== DirectAdmin ln /etc/shadow to make symbolic link to shadow file in any dir after that go to Create/Restore Backups in direct and make Domains Directory: Backs up the backup file will be in...
DirectAdmin 1.33.6 - Symlink Security Bypass
DirectAdmin 1.33.6 - Symlink Security Bypass Subject: DirectAdmin ln /etc/shadow to make symbolic link to shadow file in any dir after that go to Create/Restore Backups in direct and make Domains Directory: Backs up the backup file will be in /home/test/backups go there then Extract tar.gz file...
DirectAdmin 1.33.6 - Symlink Security Bypass
Subject: DirectAdmin ln /etc/shadow to make symbolic link to shadow file in any dir after that go to Create/Restore Backups in direct and make Domains Directory: Backs up the backup file will be in /home/test/backups go there then Extract tar.gz file after extract go to...
DirectAdmin 1.34.0 XSRF
Vendor: http://www.directadmin.com/ Code : Create Administrator : DirectAdmin v1.34.0 XSRF Create Administrator Vulnerability...