3955 matches found
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
cPanel 11.18.3 - List Directories and Folders Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28300/info cPanel is prone to an information-disclosure vulnerability. An attacker can exploit this issue to determine programs that are running on the affected server and to view folders on other sites that are protected...
cPanel 11.x 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
No description provided by source...
cPanel 10.x showfile.html file Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/19624/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script cod...
cPanel 10 newuser.html Multiple Parameter XSS
No description provided by source...
Zamfoo 12.6 Arbitrary Command Execution
Title: Zamfoo Multiple Arbitrary Command Executions Author: Al-Shabaab Vendor Homepage: http://www.zamfoo.com/ Version: 12.6 Intro The ZamFoo software suite is a series of WHM plugin modules also known as WHM addon modules catered towards easing the burden of web hosting providers that sell shared...
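cPanel Multiple Security Vulnerabilities
cPanel is a hosting-space management panel built on multiple languages that lets an entire site be managed through its domain name. cPanel contains multiple security vulnerabilities: 1. Some log files are created with world-readable permissions, allowing an attacker to read the log files and obtain sensitive information. 2. Input submitted to FormMail.pl is not validated before the user is redirected, so users can be redirected to arbitrary web sites. 3. An error in Locale::Maketext::maketext when error messages are generated in Cpanel::API::Fileman allows an attacker to submit specially crafted input and execute arbitrary code. 4. In some circumstances a trackupload log is created under HOME, and files can be overwritten through a symlink attack...
Softaculous Import Privilege Escalation Vulnerability
Softaculous is an auto-installer for cPanel and DirectAdmin. Due to an error in the import program, an attacker can exploit the vulnerability to gain root privileges. Softaculous 4.x Vendor patch: Softaculous: version 4.3.8 fixes this vulnerability, and users are advised to download and use it: http://www.softaculous.com/softaculous/...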
cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
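cPanel Management System Multiple Security Vulnerabilities
cPanel is a hosting-space management panel built on multiple languages that lets an entire site be managed through its domain name. cPanel contains multiple security vulnerabilities that allow malicious users to hijack domains and manipulate some data: 1. An error when suspending accounts can be exploited to manipulate certain files. 2. An error in cpsrvd when handling DNSAdmin cluster requests can be exploited to manipulate the DNS zones of other accounts. 3. Permissions are not properly checked when handling parked domains, which can be exploited to hijack domains hosted on the same server or DNS cluster. 4. An error in the "Purchase and Install an SSL Certificate" feature can be exploited to overwrite arbitrary files. cPanel 11.x Vendor solution: cPanel 11.32.6.17, 11.34.1.25,...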
cPanel Support Server Compromised
Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was...
Hackers and Anti-Government Protests rage across Iraq
Four Iraqi government websites were defaced today by a hacker going by the name "riSky". The defaced domains also include the Iraq National Investment Commission website. Tens of thousands of protesters rallied across Iraq on Friday, charging that Sunni Muslims had been disenfranchised under the Shiite-led...
cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
cPanel is a Unix based fully featured popular web based hosting account control panel that helps webmasters to manage their domains through a web browser. The latest version of cPanel & WHM is 11.34, which is vulnerable to multiple cross site scripting. During my bug hunting process, today I...
cPanel - 'detailbw.html' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/57060/info cPanel and WHM are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
cPanel WebHost Manager (WHM) - '/webmail/x3/mail/clientconf.html?acct' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57060/info cPanel and WHM are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
C-Panel / WHM 11.34.0 Cross Site Scripting
cPanel & WHM Cross Site Scripting Vulnerability Date: 27 Dec 2012 Author: Christy Philip Mathew Vendor or Software Link: http://cpanel.net/demo/ Version: cPanel & WHM 11.34.0 build 8 Category: Remote POC Video - http://www.youtube.com/watch?v=HJ64X2y8o0E WHM 1. Basic cPanel, WHM Setup - NameServ...
cPanel WebHost Manager (WHM) - webmailx3mailclientconf.html?acct Cross-Site Scripting
cPanel WebHost Manager WHM - webmailx3mailclientconf.html?acct Cross-Site Scripting source: https://www.securityfocus.com/bid/57060/info cPanel and WHM are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage...
cPanel - detailbw.html Multiple Cross-Site Scripting Vulnerabilities
cPanel - detailbw.html Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/57060/info cPanel and WHM are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to...
cPanel - 'dir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57064/info cPanel is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...