Path traversal

Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via 1 the userlanguage parameter to includes/loadlanguage.php or 2 the fantasticopath parameter to includes/mysqlconfig.php and...

CVE-2006-5883

Multiple cross-site scripting XSS vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the 1 dir parameter in a seldir.html, and the 2 user and 3 dir parameters in b newuser.html...

CVE-2006-5883

This CVE affects cPanel 10 and is caused by cross-site scripting (XSS) in the web interface, enabling remote authenticated users to inject arbitrary web script or HTML via (1) dir in seldir.html and (2) user/dir in newuser.html. The description explicitly states the vulnerability pattern and para...

cpanel10xss.txt

C P A N E L 1 0 Preth00nker at gmail dot com BY PRETH00NKER http://mexhackteam.org special dedication for my friends of: introduction Preth00nker was discovering some news vulnerabilities in cpanel 10. Cite: cPanel allows domain owners to manage and monitor their web site. This easy to use...

CVE-2006-4293

Multiple cross-site scripting XSS vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the 1 dir parameter in dohtaccess.html, or the 2 file parameter in a editit.html or b showfile.html...

CVE-2006-4293

CVE-2006-4293 describes multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 that allow remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html or the file parameter in editit.html or showfile.html. The affected component is cPanel 10; the root...

Multiple xxs cPanel 10

Multiple cross site script C P A N E L 1 0 Preth00nker at gmail dot com BY PRETH00NKER http://mexhackteam.org special dedication for my friends of: http://www.elhacker.net introduction Preth00nker was discovering some news vulnerabilities in cpanel 10. Cite: cPanel allows domain owners to manage...

Cross site scripting

Cross-site scripting XSS vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the 1 file extension or 2 mime-type...

CVE-2006-0574

CVE-2006-0574 documents a Cross-site Scripting (XSS) vulnerability in cPanel 10 related to mime/handle.html. The flaw allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type, enabling script execution within the affected interface. The vulnerabil...

CVE-2006-0573

Multiple cross-site scripting XSS vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to a editquota.html or b dodelpop.html; 2 showtree parameter to c diskusage.html; or the 3 mon, 4 year, 5 target, or 6 domain parameter ...