
3955 matches found

securityvulns
added 2004/03/13 12:0 a.m., 24 views

Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks

Advisory Name: Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks
Discovered by: Fable
Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com.
Versions: ??
Description: cPanel & WebHost Manager (WHM) is a next generation web hosting control panel system. Both...

AI score: 0.2
Exploits: 0

exploitpack
added 2004/03/12 12:0 a.m., 20 views

cPanel 56789 - Login Script Remote Command Execution

cPanel 56789 - Login Script Remote Command Execution source: https://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login...

AI score: 0.5
Exploits: 0

exploitpack
added 2004/03/12 12:0 a.m., 13 views

cPanel 56789 - dir Cross-Site Scripting

cPanel 56789 - dir Cross-Site Scripting source: https://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to...

AI score: 6.8
Exploits: 0

Exploit DB
added 2004/03/12 12:0 a.m., 35 views

cPanel 5/6/7/8/9 - 'dir' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplie...

AI score: 7.4
Exploits: 0

Exploit DB
added 2004/03/12 12:0 a.m., 48 views

cPanel 5/6/7/8/9 - Login Script Remote Command Execution

source: https://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker may exploit this problem by craftin...

AI score: 7.4
Exploits: 0

Packet Storm
added 2004/03/12 12:0 a.m., 29 views

cpanelroot.txt

Hi all, when I tried to reset my pass I tried this URL: http://cpanel.com:2082/resetpass/?user=|"ls"| It gave me this / sh: line 1: /var/cpanel/users/: is a directory "sh: line 1: ls: command not found" Password Reset Resetting password for |"ls"|: A confirmation email has been sent to the email...

AI score: 7.4
Exploits: 0

NVD
added 2004/03/11 5:0 a.m., 22 views

CVE-2004-1769

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass...

CVSS: 10 | AI score: 7.8 | EPSS: 0.30258
Exploits: 1 | References: 6

NVD
added 2004/03/11 5:0 a.m., 19 views

CVE-2004-1770

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...

CVSS: 10 | AI score: 7.8 | EPSS: 0.10222
Exploits: 1 | References: 5

Exploit DB
added 2004/03/11 12:0 a.m., 57 views

cPanel 5/6/7/8/9 - Resetpass Remote Command Execution

source: https://www.securityfocus.com/bid/9848/info A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords. An attacker may...

AI score: 7.4
Exploits: 0

exploitpack
added 2004/03/11 12:0 a.m., 23 views

cPanel 56789 - Resetpass Remote Command Execution

cPanel 56789 - Resetpass Remote Command Execution source: https://www.securityfocus.com/bid/9848/info A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that...

Exploits: 0

NVD
added 2003/12/31 5:0 a.m., 19 views

CVE-2003-1425

guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter...

CVSS: 10 | AI score: 7.6 | EPSS: 0.11483
Exploits: 1 | References: 3

NVD
added 2003/12/31 5:0 a.m., 16 views

CVE-2003-1426

Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl...

CVSS: 3.3 | AI score: 7.2 | EPSS: 0.00463
Exploits: 1 | References: 3

NVD
added 2003/08/18 4:0 a.m., 17 views

CVE-2003-0521

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens...

CVSS: 6.8 | AI score: 6.1 | EPSS: 0.01647
Exploits: 0 | References: 1

Cvelist
added 2003/07/10 4:0 a.m., 20 views

CVE-2003-0521

Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens...

AI score: 6.1 | EPSS: 0.01647
Exploits: 0 | References: 1

CVE
added 2003/07/10 4:0 a.m., 56 views

CVE-2003-0521

CVE-2003-0521 is a documented XSS vulnerability in cPanel 6.4.2 where a URL containing script is logged and displayed in the Error Log or Latest Visitors screens, enabling remote attackers to inject arbitrary HTML and potentially gain privileges. The CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yield...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.01647
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2003/07/08 12:0 a.m., 47 views

cPanel Malicious HTML Tags Injection Vulnerability

cPanel Malicious HTML Tags Injection Vulnerability
Author: Ory Segal, Sanctum inc. http://www.SanctumInc.com
Discovery Date:...

AI score: 7.1
Exploits: 0

exploitpack
added 2003/07/07 12:0 a.m., 18 views

CPanel 5.05.36.x - Admin Interface HTML Injection

CPanel 5.05.36.x - Admin Interface HTML Injection source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by ...

AI score: 0.1
Exploits: 0

Exploit DB
added 2003/07/07 12:0 a.m., 24 views

CPanel 5.0/5.3/6.x - Admin Interface HTML Injection

source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be...

AI score: 7.4
Exploits: 0

exploitpack
added 2003/05/30 12:0 a.m., 20 views

cPanel 56 Formail-Clone - E-Mail Restriction Bypass

cPanel 56 Formail-Clone - E-Mail Restriction Bypass source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the...

AI score: 0.1
Exploits: 0

Exploit DB
added 2003/05/30 12:0 a.m., 28 views

cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass

source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This issue may be exploited by an attack...

AI score: 7.4
Exploits: 0