cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
No description provided by source. !/usr/bin/perl -w 10/01/06 - cPanel = 10.8.x cpwrap root exploit via mysqladmin use strict; haha oh wait.. my $cpwrap = /usr/local/cpanel/bin/cpwrap; my $mysqlwrap = /usr/local/cpanel/bin/mysqlwrap; my $pwd = pwd; chomp $pwd; $ENV'PERL5LIB' = $pwd; if ! -x...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
cPanel 5-9 Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings will...
cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21498/info Web Hosting Manager is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary scri...
cPanel 11.x - scripts2/knowlegebase issue Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
cPanel 10.x editit.html file Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script cod...
cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10468/info cPanel is prone to a vulnerability that can allow a remote authenticated administrator to delete customer account DNS information for customers that are not administered by that administrator. This attack can...
cPanel 5-9 Passwd Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using ...
cPanel 11.x - scripts2/listaccts search Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrativ...
cPanel <= 11.21 - 'wwwact' Remote Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29277/info cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error. Successfully exploiting this issue allows remote attackers to gain administrative privileges to the affected...
cPanel 5/6, Formail-Clone E-Mail Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This...
cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
No description provided by source. !- for use old cpanel exploit http://www.milw0rm.com/exploits/2466 you need have !- bash shell access on victim server but with this new exploit you only need !- to upload php file and run this into browser on victim servers. !- then you have root Access and you...
cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute i...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
SmilieScript <= 1.0 (Auth Bypass) SQL Injection Vulnerability
No description provided by source. Information + Script : SmilieScript = 1.0 Auth Bypass SQL injection Vulnerability + Script site :...
cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6885/info It has been reported that cPanel's openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue may result in local...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
Cpanel PHP - Restriction Bypass Vulnerability (0day)
No description provided by source. abysssec Inc Public Advisory 1 Advisory information Title : Cpanel PHP Restriction Bypass Vulnerability Version : = 11.25...
Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
No description provided by source. Fantastico In all Version Cpanel 11.x = local File Include Must login to :2082 To break the protection modsecurity & safemode: off & Disable functions : all none Vulnerable Code $licensingservers=$fantasticopath . /includes/enclicensingservers.php; if...