239 matches found
CVE-2007-1926
CVE-2007-1926 affects JBMC Software DirectAdmin before 1.293. The vulnerability arises because DirectAdmin does not properly display log files, enabling cross-site scripting (XSS) via user-controlled input logged in multiple files (e.g., /var/log/directadmin/security.log, /var/log/messages, /var/...
PT-2007-3271
Name of the Vulnerable Software and Affected Versions DirectAdmin versions prior to 1.293 Description The issue allows remote authenticated users to inject arbitrary web script or HTML via http or ftp requests logged in various log files, including /var/log/directadmin/security.log. It also enabl...
directadmin1293-xss.txt
Subject: DirectAdmin persistant XSS takeover an Administrators account + Version: alert'0wned:'+escapedocument.cookie; Lines in log files: mainlog: 2007-03-23 19:...
DirectAdmin persistant XSS [takeover an Administrator`s account]
Subject: DirectAdmin persistant XSS takeover an Administrators account + Version: DirectAdmin 1.29.3 + Discovered by: Kanedaaa: http://kaneda.bohater.net + DirectAdmin Description: DirectAdmin is a popular, advanced Web Control Panel with many features for webhosting. www.directadmin.com +...
CVE-2007-1508
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983...
CVE-2007-1508
CVE-2007-1508 concerns DirectAdmin, specifically the CMD_USER_STATS component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. The description confirms an XSS flaw in DirectAdmin’s user stats handlin...
PT-2007-2898
Name of the Vulnerable Software and Affected Versions DirectAdmin affected versions not specified Description A cross-site scripting (XSS) issue exists in CMD_USER_STATS, allowing remote attackers to inject arbitrary web script or HTML via the RESULT parameter. Recommendations At the moment, there ...
DirectAdmin Cross Site Scripting XSS
-=Fusi0n Group=- Script name .....: DirectAdmin Script site .....: http://directadmin.com Release Date ....: 15/03/2007 Version .........: All Find by .........: Mandr4ke Contact .........: Mandr4ke.rootatgmail.com Greetings .......: Fusi0nGroup & DevilTeam & Nof...
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
CVE-2006-5983
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMDTICKET...
CVE-2006-5983
CVE-2006-5983 concerns DirectAdmin 1.28.1 with multiple reflected XSS vectors. The connected PTSecurity entry details that remote authenticated users can inject arbitrary script/HTML via a range of parameters and commands: user parameter to CMD_SHOW_RESELLER/SHOW_USER (Admin level); TYPE paramete...
CVE-2006-5983
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMDTICKET...
PT-2006-6644
Name of the Vulnerable Software and Affected Versions DirectAdmin version 1.28.1 Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved through various parameters and commands, including the user parameter to CMD_SHOW_RESELLER or CMD...
directadmin-1281.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/directadmin.txt ----------------------------------------------------------- Software: DirectAdmin V1.28.1 DirectAdmin level used : Admin level PoC: http://target:2222/CMDSHOWRESELLER?userXSS...
DirectAdmin Multiple Cross Site Scription
Aria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory : http://aria-security.net/advisory/directadmin.txt ----------------------------------------------------------- Software: DirectAdmin V1.28.1 DirectAdmin level used : Admin level PoC:...
DirectAdmin 1.281.29 - CMD_FTP_SHOW Cross-Site Scripting
DirectAdmin 1.281.29 - CMD_FTP_SHOW Cross-Site Scripting source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
DirectAdmin 1.281.29 - CMD_TICKET_CREATE Cross-Site Scripting
DirectAdmin 1.281.29 - CMD_TICKET_CREATE Cross-Site Scripting source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
DirectAdmin 1.281.29 - CMD_EMAIL_LIST Cross-Site Scripting
DirectAdmin 1.281.29 - CMD_EMAIL_LIST Cross-Site Scripting source: https://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...