239 matches found
PT-2009-4022
Name of the Vulnerable Software and Affected Versions: DirectAdmin versions prior to 1.334
Description: The issue allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. This is related to the CMD_DB in JBMC Software...
DirectAdmin Local File Overwrite
Subject: DirectAdmin /etc/poc' http://directadminserver:2222/CMD_DB On server: $ ls -la /etc/poc -rw-r--r-- 1 root root 5 Apr 22 10:30 /etc/poc $ cat /etc/poc test --...
DirectAdmin 1.33.3 - CMD_DB Backup Action Insecure Temporary File Creation
DirectAdmin 1.33.3 - CMD_DB Backup Action Insecure Temporary File Creation source: https://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrit...
DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation
source: https://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. This could facilitate a complete...
DirectAdmin <= 1.33.1 Symlink Permission Bypass Vuln (untested)
No description provided by source.
DirectAdmin 1.33.1 Bypass
DirectAdmin <= 1.33.1 Symlink Permission Bypass Vuln (untested)
Exploit for unknown platform in category remote exploits DirectAdmin /home/attackeruser/domains/attackersite.com/public_html/ Execute : ln /etc/shadow After that Go to The Control Panel...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2007-4830
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter...
CVE-2007-4830
The CVE-2007-4830 entry describes a Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN affecting DirectAdmin 1.30.2 and earlier. The underlying issue allows an attacker to inject arbitrary web script or HTML via the user parameter. According to the NVD entry, the impact is limite...
CVE-2007-4830
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508...
CVE-2007-3501
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508...
CVE-2007-3501
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508...
CVE-2007-3501
DirectAdmin CMD_USER_STATS has an XSS vulnerability in versions 1.30.1 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the domain parameter (a separate vector from CVE-2007-1508). The connected records confirm the affected component and vector but do not provide...
DirectAdmin XSS vuln.
DirectAdmin XSS vuln. Vuln. discovered by: r0t Date: 28 June 2007 vendor: http://www.directadmin.com original advisory: http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html affected versions: v1.30.1 and previous DirectAdmin contains a flaw that allows a remote Cross-Site Scripting...
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
Cross site scripting
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...