CVE-2008-2070
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to...
CVE-2008-2071
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors...
Cross site scripting
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to...
CVE-2008-2071
CVE-2008-2071 describes CSRF flaws in the cPanel/WHM web interface. Affected: WHM/cPanel versions fixed by the 11.18.4 and 11.22.3 patches (the issue is present in 11.18.0–11.18.3 and 11.22.0–11.22.2, as noted by sources). The vulnerability allows remote attackers to perform unauthorized actions ...
CVE-2008-2070
The CVE-2008-2070 entry concerns the WHM interface of cPanel: affected are WHM/cPanel builds around 11.15.0/11.18.x and 11.22.x, where multiple user-supplied inputs (notably issue in scripts2/knowlegebase, user in scripts2/changeip, and search in scripts2/listaccts) permit bypassing XSS protectio...
PT-2008-3588 · Cpanel · Cpanel
Name of the Vulnerable Software and Affected Versions: cPanel versions 11.18.0 through 11.18.3; cPanel versions 11.22.0 through 11.22.2. Description: The issue allows remote attackers to perform unauthorized actions as cPanel administrators. This can be achieved via requests to "cpanel/whm/webmail"...
XSS and CSRF vulnerability on Cpanel 11
DESCRIPTION OF THE SOFTWARE cPanel is a hosting automation tool. WHM interface provides access to the heart of the cPanel and WHM package and allows a Server Administrator to simply configure a few options and be on their way to hosting web sites. 2. DESCRIPTION OF THE VULNERABILITY There are...
cPanel 11.x - scripts2changeip?user Cross-Site Scripting
cPanel 11.x - scripts2changeip?user Cross-Site Scripting source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
cPanel 11.x - scripts2listaccts?search Cross-Site Scripting
cPanel 11.x - scripts2listaccts?search Cross-Site Scripting source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execut...
cPanel 11.x - scripts2knowlegebase?issue Cross-Site Scripting
cPanel 11.x - scripts2knowlegebase?issue Cross-Site Scripting source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
cpanel-xssxsrf.txt
DESCRIPTION OF THE SOFTWARE cPanel is a hosting automation tool. WHM interface provides access to the heart of the cPanel and WHM package and allows a Server Administrator to simply configure a few options and be on their way to hosting web sites. 2. DESCRIPTION OF THE VULNERABILITY There are...
cPanel 11.x - '/scripts2/knowlegebase?issue' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting us...
cPanel 11.x - '/scripts2/listaccts?search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting us...
cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29125/info cPanel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting us...
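cPanel Cross-Site Request Forgery Vulnerability
CVE(CAN) ID: CVE-2008-2043 cPanel is a web-based tool for automating the management of websites and servers. cPanel does not validate certain actions that users perform via HTTP requests, which allows remote attackers to use cross-site request forgery (XSRF) attacks to perform actions that only administrators can perform, including creating new databases and adding new users. cPanel 11.18.3 build ID 21703 Temporary workaround: Enable Referrer checking: (1) Navigate to Server configuration (2) Find Tweak Settings (3) Find Security in WebHost Manager (4) Select the checkbox and save the page Vendor patch: cPanel...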
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3)...
CVE-2008-2043
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3)...