9 matches found
CVE-2026-41233
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()
Froxlor is open source server administration software. Prior to version 2.3.6, in Domains.add, the adminid parameter is accepted from user input and used without validation when the calling reseller does not have the customersseeall permission. This allows a reseller to attribute newly created...
Command Injection
Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Command Injection via the execcmd function. An attacker who has Reseller or SuperAdmin privileges can execute arbitrary operating system commands by supplying specially crafted input, such as domain...
Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability
No description provided by source. Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix = 3.1 Developer url: www.Hostingcontroller.com Solution: Update to Hotfix 3.2 Discover date: 2005,Summer Report date to hc company: Sat Jun 10, 2006...
Code injection
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field aka Email text box. NOTE: the vendor disputes this, stating "I'm unable to...
PT-2008-3935 · Cpanel · Cpanel
Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.6 and earlier, 11.23.1 and earlier Description: The issue allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field. The vendor disputes this...
HostingController: An attacker can gain reseller privileges and after that can gain admin privileges
Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I publish the most important bugs of hosting controller program, after 3 weeks from reporting to the main company for more security Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix...
Hosting Controller <= 6.1 Hotfix 3.1 Privilege Escalation Vulnerability
Exploit for unknown platform in category web applications ======================================================================= Hosting Controller function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value + nact...
Hosting Controller 6.1 Hotfix 3.1 - Privilege Escalation
Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix function siteaction nact= "/hosting/addreseller.asp?htype=3" window.document.all.frm1.action = window.document.all.siteact.value + nact window.document.all.frm1.submit Form1 URL: reseller...