3955 matches found
Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks
Advisory Name: Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks. Discovered by: Fable. Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com. Versions: ?? Description: cPanel & WebHost Manager (WHM) is a next generation web hosting control panel system. Both...
cPanel 5/6/7/8/9 - Login Script Remote Command Execution
cPanel 5/6/7/8/9 - Login Script Remote Command Execution source: https://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login...
cPanel 5/6/7/8/9 - dir Cross-Site Scripting
cPanel 5/6/7/8/9 - dir Cross-Site Scripting source: https://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to...
cPanel 5/6/7/8/9 - 'dir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9853/info It has been reported that cPanel may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a user's browser. The issue presents itself due to insufficient sanitization of user-supplie...
cPanel 5/6/7/8/9 - Login Script Remote Command Execution
source: https://www.securityfocus.com/bid/9855/info A potential remote command execution vulnerability has been discovered in the cPanel application. This issue occurs due to insufficient sanitization of externally supplied data to the login script. An attacker may exploit this problem by craftin...
cpanelroot.txt
Hi all, when I tried to reset my pass I tried this URL: http://cpanel.com:2082/resetpass/?user=|"ls"| it gave me this / sh: line 1: /var/cpanel/users/: is a directory "sh: line 1: ls: command not found" Password Reset Resetting password for |"ls"|: A confirmation email has been sent to the email...
CVE-2004-1769
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass...
CVE-2004-1770
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter...
cPanel 5/6/7/8/9 - Resetpass Remote Command Execution
source: https://www.securityfocus.com/bid/9848/info A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that handles resetting user passwords. An attacker may...
cPanel 5/6/7/8/9 - Resetpass Remote Command Execution
cPanel 5/6/7/8/9 - Resetpass Remote Command Execution source: https://www.securityfocus.com/bid/9848/info A potential remote command execution vulnerability has been discovered in the cPanel Application. This issue occurs due to insufficient sanitization of externally supplied data to the script that...
CVE-2003-1425
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter...
CVE-2003-1426
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl...
CVE-2003-0521
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens...
CVE-2003-0521
CVE-2003-0521 is a documented XSS vulnerability in cPanel 6.4.2 where a URL containing script is logged and displayed in the Error Log or Latest Visitors screens, enabling remote attackers to inject arbitrary HTML and potentially gain privileges. The CVSS vector (AV:N/AC:M/Au:N/C:P/I:P/A:P) yield...
cPanel Malicious HTML Tags Injection Vulnerability
cPanel Malicious HTML Tags Injection Vulnerability -- Author: Ory Segal, Sanctum inc. http://www.SanctumInc.com -- Discovery Date:...
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by ...
CPanel 5.0/5.3/6.x - Admin Interface HTML Injection
source: https://www.securityfocus.com/bid/8119/info cPanel is prone to an HTML injection vulnerability. It is possible for remote attackers to include hostile HTML and script code in requests to cPanel, which will be logged. When logs are viewed by an administrative user, the injected code could be...
cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass
cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the...
cPanel 5/6 / Formail-Clone - E-Mail Restriction Bypass
source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the vulnerable host. This issue may be exploited by an attack...