
3955 matches found

securityvulns
added 2006/05/22 12:0 a.m. | 31 views

cPanel OpenBaseDir Bypass

Hey when you try to run a phpshell and open BaseDir is on you will see that: Open base dir: /home//:/usr/lib/php:/usr/local/lib/php:/tmp Okay.. now run the phpshell with user like that: http://server..com//phpshell.php you will see that: Open base dir: OFF not secure...

7.1 AI score
Exploits: 0

NVD
added 2006/03/09 8:2 p.m. | 12 views

CVE-2006-1119

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...

4 CVSS | 6.2 AI score | 0.00946 EPSS
Exploits: 0 | References: 2

UbuntuCve
added 2006/03/09 8:2 p.m. | 21 views

CVE-2006-1119

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...

4 CVSS | 5.9 AI score | 0.00946 EPSS
Exploits: 0 | References: 1

Cvelist
added 2006/03/09 8:0 p.m. | 17 views

CVE-2006-1119

fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...

6.2 AI score | 0.00946 EPSS
Exploits: 0 | References: 2

CVE
added 2006/03/09 8:0 p.m. | 59 views

CVE-2006-1119

CVE-2006-1119 concerns the Fantastico component integrated with cPanel. The issue arises when Fantastico does not properly handle operations with insufficient permissions, allowing remote authenticated users to cause a PHP error message that leaks the full pathname. The vulnerability is characte...

4 CVSS | 6.2 AI score | 0.00946 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

securityvulns
added 2006/03/07 12:0 a.m. | 35 views

Cpanel Path Disclosure Vulnerability

Cpanel has the vulnerability to discover the path of the files exp: log into your cpanel account go to fantastico try to install one of the scripts ! exp: 4images if the server set a permission on the /tmp , cpanel tmp files you should see this Warning: main/home/userid/publichtml/fantversion.php:...

0.3 AI score
Exploits: 0

Prion
added 2006/02/18 2:2 a.m. | 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter...

4.3 CVSS | 6.1 AI score | 0.01214 EPSS
Exploits: 1 | References: 3

NVD
added 2006/02/18 2:2 a.m. | 18 views

CVE-2006-0763

Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter...

4.3 CVSS | 5.6 AI score | 0.01214 EPSS
Exploits: 1 | References: 3

Cvelist
added 2006/02/18 2:0 a.m. | 24 views

CVE-2006-0763

Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter...

5.6 AI score | 0.01214 EPSS
Exploits: 1 | References: 3

CVE
added 2006/02/18 2:0 a.m. | 44 views

CVE-2006-0763

The CVE-2006-0763 entry describes a Cross-site Scripting (XSS) vulnerability in cPanel's dowebmailforward.cgi. An attacker can inject arbitrary web script or HTML by supplying a URL-encoded value in the fwd parameter. This affects the cPanel component hosting the script and could execute in a vi...

4.3 CVSS | 5.6 AI score | 0.01214 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

securityvulns
added 2006/02/08 12:0 a.m. | 42 views

[Full-disclosure] Cpanel Admin login (username) Disclosure

Hi, could somebody kindly confirm this. When a null username and a null password is provided in the cpanel administration, port 2082, basic authorization prompt and then cancelling the prompt the second time, the webpage presents a hyperlink to reset the password which contains valid username for...

0.5 AI score
Exploits: 0

securityvulns
added 2006/02/08 12:0 a.m. | 41 views

[Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability

One more to ur list http://localhost:2095/dowebmailforward.cgi?fwd=3Cscript3Ealert28document.cookie293B3C2Fscript3E&action=Add+Forwarder Sumit On 2/4/06, Hamish Stanaway [email protected] wrote: Hi there, Thank you for finding this vulnerability in a widely used software. I was wondering i...

Exploits: 0

NVD
added 2006/02/07 6:6 p.m. | 15 views

CVE-2006-0574

Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type...

4.3 CVSS | 5.7 AI score | 0.01976 EPSS
Exploits: 0 | References: 6

NVD
added 2006/02/07 6:6 p.m. | 16 views

CVE-2006-0573

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...

4.3 CVSS | 5.7 AI score | 0.02526 EPSS
Exploits: 1 | References: 9

Prion
added 2006/02/07 6:6 p.m. | 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...

4.3 CVSS | 6 AI score | 0.02526 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

Prion
added 2006/02/07 6:6 p.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type...

4.3 CVSS | 6.1 AI score | 0.01976 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Cvelist
added 2006/02/07 6:0 p.m. | 21 views

CVE-2006-0573

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...

5.7 AI score | 0.02526 EPSS
Exploits: 1 | References: 9

CVE
added 2006/02/07 6:0 p.m. | 57 views

CVE-2006-0574

CVE-2006-0574 documents a Cross-site Scripting (XSS) vulnerability in cPanel 10 related to mime/handle.html. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type, enabling script execution within the affected interface. The vulnerabil...

4.3 CVSS | 5.7 AI score | 0.01976 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2006/02/07 6:0 p.m. | 50 views

CVE-2006-0573

CVE-2006-0573 affects cPanel 10 and earlier, with multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) email parameter to editquota.html or dodelpop.html, (2) showtree parameter to diskusage.html, and (3-6) mon, year, target, or domain pa...

4.3 CVSS | 5.7 AI score | 0.02526 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

securityvulns
added 2006/02/07 12:0 a.m. | 36 views

cPanel 10 handle.html XSS Vulnerability

mime/handle.html usually https://www.example.com/cpanel/frontend/x/mime/handle.html of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected html into the extension and/or mime-type specified. I successfully leveraged this issue causing the page to execute t...

0.3 AI score
Exploits: 0