141 matches found
Design/Logic Flaw
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...
CVE-2018-17984
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...
CVE-2018-17984
CVE-2018-17984 affects ISPConfig prior to 3.1.13, where an unanchored /[a-z]{2}/ regular expression enables arbitrary file inclusion, potentially leading to code execution. The issue is exploitable by authenticated users with local filesystem access, allowing execution in the security context of ...
ISPConfig Remote Command Execution
Title: ISPConfig error 'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...
CVE-2017-17384
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...
Design/Logic Flaw
ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...
CVE-2017-17384
CVE-2017-17384 affects ISPConfig 3.x before 3.1.9. A remote authenticated user can escalate privileges to root by creating a crafted cron job, due to a vulnerability in the cron handling. Impact: full root access on affected systems as described by the CVE, with high severity. Mitigation: upgrade...
ISPConfig Elevation of Privilege Vulnerability
ISPConfig is an open source web hosting management program for Linux with a web control panel. The web control panel can be used to manage web hosting, create websites, create mailboxes, create and manage MySQL databases, provide DNS resolution, and monitor the server's operating conditions an...
ISPconfig 3.0.5.4 p6 Cross Site Scripting
Document Title: =============== ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-16 Vulnerability Laboratory ID VL-ID: ====================================...
ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities
Document Title: =============== ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 19...
ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities
Document Title: =============== ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-15 Vulnerability Laboratory ID VL-ID: ==================================== 19...
ISPConfig 3.0.5 Cross Site Request Forgery
<!-- thanks: Dr Ms Jk - n1arash - Milad Hacking - malahsky...
ISPConfig <= 3.0.5.4p7 monitor/show_sys_state.php SQL Injection Vulnerability
Incomplete filtering leads to SQL injection: the server parameter passed via HTTP GET to the /monitor/showsysstate.php page lets an attacker pass in arbitrary malicious SQL commands and have them executed in the database. Successful exploitation can give the attacker read and write access to the database and even endanger the entire web application. At this point, however, the vulnerability is still of limited value, because the attacker must be an authenticated user and must also hold monitor permission. Nevertheless, combined with CSRF Cross-Site Request Forgery in ISPConfig:...
CVE-2015-4119
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/usersedit.php or (2) arbitrary users for requests that conduct SQL...
CVE-2015-4118
SQL injection vulnerability in monitor/showsysstate.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2...
Sql injection
SQL injection vulnerability in monitor/showsysstate.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2...