6 matches found
CVE-2015-4119
ISPConfig contains CSRF vulnerabilities before 3.0.5.4p7 that can allow remote attackers to hijack admin sessions via admin/users_edit.php and to trigger SQL injections via monitor/show_sys_state.php. The issue is confirmed in multiple sources (NVD/NVD-derived records) and is linked to cross-site...
Multiple Vulnerabilities in ISPConfig
Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery
Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery Vulnerabilities
ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities. Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical detail...
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities
ISPConfig 3.0.5.4p6 - Multiple Vulnerabilities Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendo...