3955 matches found
cpanel-lfixss.txt
Script : Cpanel 11.x Type : Local File Inclusion & Cross Site Scripting Risk : High Discovered by : Khashayar Fereidani I am 17 Years Old My Official Website :...
Directory traversal
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the...
CVE-2008-4181
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the...
CVE-2008-4181
The CVE-2008-4181 vulnerability affects the Netenberg Fantastico De Luxe module for cPanel (before 2.10.4 r19). It is a directory traversal in includes/xml.php that allows remote authenticated users to include and execute arbitrary local files via the fantasticopath parameter, using .. or absolut...
6rbScript 3.3 (singerid) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. 6rbScript 3.3 singerid Remote SQL Injection Vulnerability. 6rbScript V3.3 singerid Remote SQL Injection...
Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
No description provided by source...
cpanel-lfi.txt
Fantastico In all Version Cpanel 11.x First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enclicensingservers.php :::xploit:::: http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user Discovered By : joker1 for info :...
Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
Exploit for unknown platform in category web applications. Cpanel First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enclicensingservers.php :::xploit::::...
cPanel 11.x - Fantastico Local File Inclusion
cPanel 11.x - Fantastico Local File Inclusion Fantastico In all Version Cpanel 11.x First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enclicensingservers.php :::xploit::::...
cPanel 11.x - 'Fantastico' Local File Inclusion
Fantastico In all Version Cpanel 11.x First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enclicensingservers.php :::xploit:::: http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user Discovered By : joker1 for info :...
Code injection
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to...
CVE-2008-2478
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to...
CVE-2008-2478
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to...
CVE-2008-2478
CVE-2008-2478 affects cPanel under scripts/wwwacct (versions 11.18.6 STABLE and earlier, and 11.23.1 CURRENT and earlier). The issue allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field, enabling code execution th...
PT-2008-3935 · Cpanel · Cpanel
Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.6 and earlier, 11.23.1 and earlier Description: The issue allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field. The vendor disputes this...
Cpanel all version >> root access with a reseller account.
By : Ali Jasbi IHST security & hacking Research team WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What u can do with this bug is : u can have a access to all the server with reseller privilege Th3 r00t how it's work ? when u want to create an account in shell what will...
cPanel 11.21 - wwwact Privilege Escalation
cPanel 11.21 - wwwact Privilege Escalation source: https://www.securityfocus.com/bid/29277/info cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error. Successfully exploiting this issue allows remote attackers to gain administrative privileges to the...
cPanel 11.21 - 'wwwact' Privilege Escalation
source: https://www.securityfocus.com/bid/29277/info cPanel is prone to a remote privilege-escalation vulnerability because of an unspecified error. Successfully exploiting this issue allows remote attackers to gain administrative privileges to the affected application and execute malicious PHP...
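cPanel Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
BUGTRAQ ID: 29125 CVECAN ID: CVE-2008-2070,CVE-2008-2071 cPanel is a web-based tool for automating the control of websites and servers. cPanel's WHM interface allows users to manage and access the core of the cPanel and WHM packages. This interface does not properly protect against cross-site scripting and cross-site request forgery attacks, allowing remote attackers to execute arbitrary code on the server by submitting malicious requests. All functions that handle user input are affected by cross-site scripting vulnerabilities; the following is a partial list of the vulnerable functions: Knowlege Base(/scripts2/knowlegebase?issue=INJECTION&domain=) Change Ip to...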
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors...