3955 matches found
cPanel 5-9 - Passwd SQL Injection
source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. The problem...
CVE-2004-0529
The modified suexec program in cPanel, when configured for modphp and compiled for Apache 1.3.31 and earlier without modphpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as 1 proftpdvhosts or 2 addalink.cgi, a...
CVE-2004-0529
The CVE-2004-0529 entries describe a local-privilege escalation in cPanel’s patched suexec when configured for mod_php and built for Apache 1.3.31 and earlier without mod_phpsuexec. The affected component is the modified suexec binary used with Apache+cPanel, which permits local users to execute ...
cPanel mod_php suEXEC Taint Vulnerability
SEVERITY: High, Arbitrary Execution as Arbitrary User PROBLEM DESCRIPTION: Flaws in how Apache's suexec binary has been patched by cPanel when configured for modphp, in conjuction with cPanel's creation of some perl scripts that are not taint clean, allow for any user to execute arbitrary code as...
cPanel 5-9 - Killacct Script Customer Account DNS Information Deletion
cPanel 5-9 - Killacct Script Customer Account DNS Information Deletion source: https://www.securityfocus.com/bid/10468/info cPanel is prone to a vulnerability that can allow a remote authenticated administrator to delete customer account DNS information for customers that are not administered by...
CPANEL Vuln : HTML injection
Cpanel Resellers just can use an exploit in the /scripts/killacct to delete one of my other customers accountsonly the DNS info not owned by him. All he had to do was create a fake account then delete it and look at the source code, view his cookies and discovered...
cPanel 5-9 - Killacct Script Customer Account DNS Information Deletion
source: https://www.securityfocus.com/bid/10468/info cPanel is prone to a vulnerability that can allow a remote authenticated administrator to delete customer account DNS information for customers that are not administered by that administrator. This attack can allow an attacker to cause a denial...
CVE-2004-0490
cPanel, when compiling Apache 1.3.29 and PHP with the modphpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPTFILENAME variable to find and execute a script instead of the PATHTRANSLATED variable, which allows local users to execute arbitrary PHP code...
CVE-2004-0490
CVE-2004-0490 affects cPanel when compiling Apache 1.3.29 with mod_phpsuexec; it does not set --enable-discard-path, so PHP uses SCRIPT_FILENAME instead of PATH_TRANSLATED, enabling local users to run the attacker’s script with the user’s privileges. This is a local vulnerability with complete co...
cPanel 5 9 - Local Privilege Escalation
cPanel 5 9 - Local Privilege Escalation source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings...
cPanel mod_phpsuexec Vulnerability
Severity: High, Arbitrary Execution, Local Privilege Escalation Background: cPanel is a common web hosting management system written by cpanel.net installed on UNIX Operation Systems to help manage web, email, ftp, databases, and other administrative tasks. Problem Description: The options used b...
cPanel 5 < 9 - Local Privilege Escalation
source: https://www.securityfocus.com/bid/10407/info cPanel is reported prone to a privilege escalation vulnerability. It is reported that the options used by cPanel to compile Apache 1.3.29 and PHP using the modphpsuexec option are insecure. These settings will reportedly permit a local attacker...
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
Advisory: cPanel/Fantastico/mysql local vulnerability Date: 5/19/04 By: Michael Curtis email at curto dot us System: Redhat Enterprise 3 ES / cPanel 9.3.0-R5 most likely all redhat versions with all cpanel versions Severity: High, full compromise of local databases, password retrieval Background:...
Exensive cPanel Cross Site Scripting
Description: cPanel 9.1.0-R85 is vulnerable to Cross Site Scripting XSS in almost every field which is returned to the browser. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the...
CVE-2004-1875
Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to testfile.html, 2 file parameter to erredit.html, 3 dns parameter to dnslook.html, 4 account parameter to ignorelist.html, 5 account...
CVE-2004-1849
Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to dodelautores.html or 2 handle parameter to addhandle.html...
More Cpanel Vuls (cross site scripting)
Advisory Name: More Cpanel Vuls cross site scripting Discovered by: Fable Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com. Version Tested On: cPanel Build 9.1.0-STABLE 93 Most likely effects more Description cPanel & WebHost Manager WHM is a next generation web hosting control...
cPanel fails to verify input passed to the "user" parameter
Overview A remotely exploitable vulnerability in CPanel's password reset and login scripts may allow a remote attacker to gain control of the vulnerable system. Description Cpanel is an application that provides the ability to manage accounts and provides an interface to the end users of web...
cPanel <= 9.1.0 Multiple Vulnerabilities
The version of cPanel installed on the remote host is version 9.1.0 or earlier and thus reportedly affected by multiple issues: - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. CVE-2004-2308 - Both the Login Page and...
Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks
Advisory Name: Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks Discovered by: Fable Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com. Versions: ?? Description cPanel & WebHost Manager WHM is a next generation web hosting control panel system. Both...