3955 matches found
cPanel OpenBaseDir Bypass
Hey, when you try to run a phpshell and open BaseDir is on you will see that: Open base dir: /home//:/usr/lib/php:/usr/local/lib/php:/tmp Okay.. now run the phpshell with user like that: http://server..com//phpshell.php you will see that: Open base dir: OFF not secure...
CVE-2006-1119
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...
CVE-2006-1119
CVE-2006-1119 concerns the Fantastico component integrated with cPanel. The issue arises when Fantastico does not properly handle operations with insufficient permissions, allowing remote authenticated users to cause a PHP error message that leaks the full pathname. The vulnerability is characte...
Cpanel Path Disclosure Vulnerability
Cpanel has the vulnerability to discover the path of the files exp: log into your cpanel account, go to fantastico, try to install one of the scripts! exp: 4images if the server set a permission on the /tmp, cpanel tmp files you should see this Warning: main/home/userid/publichtml/fantversion.php:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter...
CVE-2006-0763
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter...
CVE-2006-0763
The CVE-2006-0763 entry describes a Cross-site Scripting (XSS) vulnerability in cPanel's dowebmailforward.cgi. An attacker can inject arbitrary web script or HTML by supplying a URL-encoded value in the fwd parameter. This affects the cPanel component hosting the script and could execute in a vi...
[Full-disclosure] Cpanel Admin login (username) Disclosure
Hi, could somebody kindly confirm this. When a null username and a null password is provided in the cpanel administration, port 2082, basic authorization prompt and then cancelling the prompt the second time, the webpage presents a hyperlink to reset the password which contains valid username for...
[Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability
One more to ur list http://localhost:2095/dowebmailforward.cgi?fwd=3Cscript3Ealert28document.cookie293B3C2Fscript3E&action=Add+Forwarder Sumit On 2/4/06, Hamish Stanaway [email protected] wrote: Hi there, Thank you for finding this vulnerability in a widely used software. I was wondering i...
CVE-2006-0574
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type...
CVE-2006-0573
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type...
CVE-2006-0574
CVE-2006-0574 documents a Cross-site Scripting (XSS) vulnerability in cPanel 10 related to mime/handle.html. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type, enabling script execution within the affected interface. The vulnerabil...
CVE-2006-0573
CVE-2006-0573 affects cPanel 10 and earlier, with multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) email parameter to editquota.html or dodelpop.html, (2) showtree parameter to diskusage.html, and (3-6) mon, year, target, or domain pa...
cPanel 10 handle.html XSS Vulnerability
mime/handle.html (usually https://www.example.com/cpanel/frontend/x/mime/handle.html) of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected html into the extension and/or mime-type specified. I successfully leveraged this issue causing the page to execute t...