CVE-2004-2308

Cross-site scripting XSS vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html...

[SA16362] cPanel Password Change Privilege Escalation Security Issue

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2005-2021

The CVE-2005-2021 entry describes a cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier, caused by failure to sanitize the user parameter on the login page. Remote attackers could inject arbitrary HTML/script into a user’s browser. Affected product: cPanel (pre-9.1). The connected ...

CVE-2005-2021

Cross-site scripting XSS vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page...

cPanel cpsrvd.pl user Parameter XSS

The remote host is running cPanel. The version of cPanel on the remote host suffers from a cross-site scripting vulnerability due to its failure to sanitize user-supplied input to the 'user' parameter of the 'login' page. An attacker may be able to exploit this flaw to inject arbitrary HTML and...

CVE-2005-2021

Cross-site scripting XSS vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page...

cPanel 9.1 - User Cross-Site Scripting

cPanel 9.1 - User Cross-Site Scripting source: https://www.securityfocus.com/bid/13996/info It is reported that cPanel is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficien...

cPanel 9.1 - 'User' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13996/info It is reported that cPanel is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplied data vi...

CVE-2004-1849

The CVE-2004-1849 entry describes multiple cross-site scripting (XSS) vulnerabilities in cPanel version 9.1.0. The affected components are the web pages dodelautores.html (email parameter) and addhandle.html (handle parameter). Exploitation leads to injection of arbitrary web script or HTML by re...

CVE-2004-1875

Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to testfile.html, 2 file parameter to erredit.html, 3 dns parameter to dnslook.html, 4 account parameter to ignorelist.html, 5 account...

CVE-2004-1849

Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to dodelautores.html or 2 handle parameter to addhandle.html...

CVE-2004-1875

CVE-2004-1875 describes multiple XSS vulnerabilities in cPanel 9.1.0-R85 . The flaws allow remote attackers to inject arbitrary web script/HTML via nine parameters across several pages (testfile.html, erredit.html, dnslook.html, ignorelist.html, showlog.html, repairdb.html, doaddftp.html, editmsg...

EUVD-2004-1764

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...

CVE-2004-1769

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass...

CVE-2004-1769

CVE-2004-1769 affects cPanel 9.1.0 build 34 and earlier (including 8.x). The vulnerability allows remote code execution through the resetpass feature by passing a crafted value for the user parameter to the resetpass endpoint, enabling arbitrary command execution on the server. Exploit details ap...

CVE-2004-1770

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...

CVE-2004-1770

CVE-2004-1770 affects the login page of cPanel 9.1.0 and possibly earlier . The issue arises from improper handling of the user parameter , allowing remote attackers to execute arbitrary code via shell metacharacters. The vulnerability is described as remote code execution with high impact (netwo...

CVE-2004-1604

cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the private directory, which is created when Front Page extensions are enabled...

CVE-2004-1603

CVE-2004-1603 affects cPanel 9.4.1-RELEASE-64, where the application follows hard links, enabling local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file, regardless of Front Page extension status. The root cause is hard link handling in ...