[Full-disclosure] cPanel 10 mime/handle.html XSS Vulnerability
mime/handle.html of cPanel 10 is vulnerable to an XSS vulnerability. This can be leveraged by entering an injected html into the extension and/or mime-type specified. I successfully leveraged this issue causing the page to execute the code scriptalert'hi'/script each time...
[Full-disclosure] cPanel 10 File Editing Vulnerability
In cPanel 10, the script "erredit.html," which is supposed to edit a specific set of files, can edit any file accessible by the cPanel. Example: http://www.example.com:2082/frontend/x/err/erredit.html?dir=publichtml/&file=index.php...
CVE-2006-0533
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter...
cpanelXSS.txt
Title: cPanel Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Discovered: 22 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Web Hosting Manager Vendor: cPanel Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks...
CVE-2006-0533
CVE-2006-0533 corresponds to a cross-site scripting (XSS) vulnerability in the cPanel component webmailaging.cgi. The issue allows remote attackers to inject arbitrary web script or HTML through the numdays parameter. Connected documents confirm the vulnerability description but do not provide a ...
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/16482/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues ...
[Full-disclosure] cPanel Multiple Cross Site Scripting Vulnerability
Title: cPanel Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk simoatmorxorg Discovered: 22 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Web Hosting Manager Vendor: cPanel Vulnerability: Cross Site Scripting / Cookie-Theft /...
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/16482/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an...
WHMCompleteSolution XSS vuln.
WHMCompleteSolution XSS vuln. Vuln. discovered by : r0t Date: 14 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/whmcompletesolution-xss-vuln.html vendor:http://www.whmcs.com/ affected version:2.1 and prior Product Description: WHMCompleteSolution has the features that all web hosts...
Cpanel advisory
Advisory 2 $ Title: Cpanel demo account $ Author: UserMaster $ Contact: [email protected] $ Date: Sunday,5 , 2005 $ Website: http://defacersecurity.com $ Risk: Medium $ Vendor URL: http://cpanel.net/ $ Affected Software: All builds on all platforms are vulnerable up to and including 9.1.0 buil...
CVE-2005-3505
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as , which are processed by Internet Explorer...
CVE-2005-3505
CVE-2005-3505 describes a cross-site scripting (XSS) flaw in the Entropy Chat script used by cPanel versions 10.2.0-R82 and 10.6.0-R137. The underlying issue is that a chat message containing JavaScript in style attributes within tags such as can be processed by Internet Explorer, enabling remot...
Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability
====================================================================== Secunia Research 04/11/2005 - cPanel Entropy Chat Script Insertion Vulnerability - ====================================================================== Table of Contents Affected...
CVE-2004-2398
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5...
CVE-2004-2398
Vulnerability summary (CVE-2004-2398): Netenberg Fantastico De Luxe 2.8 stores database file names that reveal usernames because file names in the database directory are readable. This enables local attackers to enumerate valid usernames by listing files under /var/lib/mysql, where permissions we...
CVE-2004-2308
CVE-2004-2308 describes a cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier. The issue arises in the dohtaccess.html component, where the dir parameter is not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. The available connected...