3955 matches found
WHOISCART (Auth Bypass) Information Disclosure Vulnerability
No description provided by source.
CVE-2009-2167
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
Authentication flaw
cpanel/login.php in EgyPlus 7ammel aka 7ml 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters...
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel aka 7ml 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters...
CVE-2009-2168
cpanel/login.php in EgyPlus 7ammel aka 7ml 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters...
CVE-2009-2167
CVE-2009-2167 affects EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier. Multiple SQL injection in cpanel/login.php via (1) username or (2) password when magic_quotes_gpc is disabled; enables remote execution of arbitrary SQL commands. Documents do not provide a remediation, and while exploits exist (se...
CVE-2009-2168
Summary: CVE-2009-2168 affects EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier. The vuln arises in cpanel/login.php where, after invalid credentials, a redirect is sent but the script does not exit, allowing remote attackers to bypass authentication by supplying arbitrary username and password paramet...
PT-2009-4620 · Egyplus · Egyplus 7Ammel
Name of the Vulnerable Software and Affected Versions: EgyPlus 7ammel aka 7ml versions 1.0.1 and earlier Description: The issue allows remote attackers to bypass authentication by providing arbitrary username and password parameters. This occurs because cpanel/login.php sends a redirect to the we...
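cPanel File Manager File Name HTML Injection Vulnerability
BUGTRAQ ID: 34142 cPanel is a web-based tool for automating the control of websites and servers. cPanel has two built-in file managers, the standard and the legacy file manager. Both have a cross-site scripting vulnerability in the way they handle file names: a remote attacker can inject and execute script by creating a specially crafted file name. With the legacy file manager, simply viewing the file list is enough to execute the attacker's code; with the standard file manager, the file list is escaped, but the injected script may still execute if the user performs a task such as delete, copy, move or rename on the malicious file...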
Cpanel File Manager Cross Site Scripting
Cpanel File Manager XSS Vulnerability Synopsis ------------- Cpanel (www.cpanel.net) has two file manager applications, a standard and a legacy one, to manage files. Both of them are vulnerable to XSS attacks. The file name is presented unescaped so that an attacker can craft a malicious file name to execute...
CPANEL File Manager XSS Vulnerability
Cpanel File Manager XSS Vulnerability Synopsis ------------- Cpanel (www.cpanel.net) has two file manager applications, a standard and a legacy one, to manage files. Both of them are vulnerable to XSS attacks. The file name is presented unescaped so that an attacker can craft a malicious file name to execute...
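cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 33840 cPanel is a web-based tool for automating the control of websites and servers. cPanel contains multiple input validation errors that allow remote attackers to carry out script injection and cross-site scripting attacks. (1) cPanel does not properly filter input to the .contactemail file in the user's home directory; if a malicious email is displayed, arbitrary HTML and script code is injected into the user's browser session. (2) cPanel does not properly filter input to the scripts2/confdkillproc script before returning it to the user, so a remote attacker can execute arbitrary HTML and script code in the user's browser session through a cross-site scripting attack. cPanel 11.x Vendor patch: cPanel ------...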
cPanel <= 10.8.x cpwrap root exploit
No description provided by source. !/usr/bin/perl -w 10/01/06 - cPanel = 10.8.x cpwrap root exploit via mysqladmin use strict; haha oh wait.. my $cpwrap = "/usr/local/cpanel/bin/cpwrap"; my $mysqlwrap = "/usr/local/cpanel/bin/mysqlwrap"; my $pwd = pwd; chomp $pwd; $ENV'PERL5LIB' = "$pwd"; if ! -x...
Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass"
Script : Cpanel 11.x bug : language.php edite file exploit=Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass" safemode off , modsecurity off Disable functions : All NONE ,access root folder ?php / Deadly Script by Super-Crystal bypass Cpanel fantastico www.arab4services.ne...
cpanel-bypass.txt
Script : Cpanel 11.x bug : language.php edite file exploit=Cpanel fantastico Privilege Escalation "ModSec and PHP restriction Bypass" safemode off , modsecurity off Disable functions : All NONE ,access root folder '; fwrite$h,$prctl; fclose$h; $handle = fopen$POST'php', "w"; fwrite$handle,...
cpanel 11.x XSS / Local File Inclusion Vulnerability
No description provided by source. ---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani I am 17 Year...
Cpanel 11.x Local File Inclusion & Cross Site Scripting - Discovered By Khashayar Fereidani
---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani I am 17 Years Old My Official Website :...
cpanel-lfixss.txt
---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar Fereidani I am 17 Years Old My Official Website :...
cPanel 11.x - Cross-Site Scripting Local File Inclusion
cPanel 11.x - Cross-Site Scripting Local File Inclusion ---------------------------------------------------------------- Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High ---------------------------------------------------------------- Discovered by : Khashayar...
cpanel 11.x XSS / Local File Inclusion Vulnerability
Exploit for unknown platform in category web applications ==================================================== cpanel 11.x XSS / Local File Inclusion Vulnerability ==================================================== ---------------------------------------------------------------- Script : Cpanel...