22 matches found
CVE-2026-41233
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
PT-2026-34638
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
Incorrect Authorization
Overview: froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Incorrect Authorization in the Domains.add process. An attacker can bypass domain quota restrictions and exhaust another admin's quota by specifying an arbitrary adminid parameter whe...
CVE-2025-66431
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."...
WebPros Plesk Security Vulnerability
WebPros Plesk is a web hosting platform from WebPros, Inc. A security vulnerability exists in WebPros Plesk before 18.0.73.5 and in 18.0.74 before 18.0.74.2, which stems from a flaw in the domain creation functionality that could lead to remote code execution...
CVE-2025-66431
CVE-2025-66431 affects WebPros Plesk on Linux, prior to 18.0.73.5 and before 18.0.74.2 in the 18.x branch. A flaw in the domain creation mechanism allows remote authenticated users to execute arbitrary code as root when they have "Create and manage sites" with "Domains management" and Subdomains manage...
EUVD-2018-13470
Malware in sbrugna...
Cross-Site Scripting (XSS)
modoboa is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape user input before outputting it to the front end via the domain creation form, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...
When setSubnodeOwner transfers ownership of sub-domain the new owner can perform actions before fuses are burned
Impact: the function NameWrapper.setSubnodeOwner can be used to transfer ownership of a sub-domain to a new owner and, at the same time, burn fuses. A possible use-case could be that a domain owner wants to transfer ownership of the sub-domain but burn fuses in orde...
CVE-2021-38939
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037...
SUSE-RU-2019:2767-1 Recommended update for xen
This update for xen to version 4.10.4 fixes the following issues: - Fixed an issue where libxenlight could not restore domain vsa6535522 on live migration (bsc1133818). - Fixed an HPS bug which did not allow to install Windows Server 2016 with 2 CPUs setting or above (bsc1137717). - Fixed an issue...
SUSE-SU-2019:2753-1 Security update for xen
This update for xen to version 4.11.2 fixes the following issues: Security issues fixed: - CVE-2019-15890: Fixed a use-after-free in SLiRP networking implementation of QEMU emulator which could have led to Denial of Service (bsc1149813). - CVE-2019-12068: Fixed an issue in lsi which could lead to a...
CVE-2018-20932
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406)...
CVE-2018-20932
CVE-2018-20932 affects cPanel before 70.0.23. The issue arises when certain domains are created, causing exposure of Apache HTTP Server logs and resulting in potential information disclosure. The primary reference is SEC-406. Exploitation status and concrete fixes are not provided in the connecte...
CVE-2017-14317
A domain cleanup issue was discovered in the C xenstore daemon aka cxenstored in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on it including domain...
Unauthorized Domain Creation
admin-cli is vulnerable to unauthorised domain creation. The vulnerability is possible because it does not verify the validity of the admin's credentials before creating a domain...