239 matches found
DirectAdmin 1.28/1.29 CMD_SHOW_RESELLER user Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin <= 1.33.6 'CMD_DB_VIEW' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38721/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the...
DirectAdmin 1.28/1.29 CMD_EMAIL_VACATION_MODIFY user Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin <= 1.33.6 'CMD_REDIRECT' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35450/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can leverage this issue to execute arbitrary script code in the...
DirectAdmin 1.28/1.29 CMD_EMAIL_FORWARDER_MODIFY user Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin 1.28/1.29 CMD_EMAIL_LIST name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin 1.28/1.29 CMD_TICKET type Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
No description provided by source. Vendor: http://www.directadmin.com/ Code : Create Administrator : html titleDirectAdmin v1.34.0 XSRF Create Administrator Vulnerability/title !--!Set You'r victim By SarBoT511 !-- form name=reseller action=http://site.com:2222/CMDACCOUNTADMIN method=post input...
DirectAdmin 1.34.4 - Multi CSRF vulnerability
No description provided by source. Title: Multi CSRF vulnerability in DirectAdmin 1.34.4 Date: 20-3-2010 Version: 1.34.4 Author: K053 K053.Dev0te3 AT gmail Tested on: Ubuntu Vendor: http://www.directadmin.com/...
DirectAdmin 1.28/1.29 CMD_FTP_SHOW DOMAIN Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin <= 1.33.3 '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. Th...
DirectAdmin <= 1.33.6 Symlink Permission Bypass
No description provided by source. Subject: DirectAdmin <= 1.33.6 Symlink Permission Bypass Date: 5/1/21010 Author: alnjm33 Tested on: 1.33.6 -- 1.33.1 and I think it works in all versions Home: sec-war.com...
DirectAdmin 1.28/1.29 CMD_TICKET_CREATE TYPE Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/21049/info DirectAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
DirectAdmin 1.28/1.29 CMD_SHOW_USER user Parameter XSS
No description provided by source...
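Softaculous Import Privilege Escalation Vulnerability
Softaculous is an auto-installer for cPanel and DirectAdmin. Due to an error in the import program, an attacker can exploit the vulnerability to gain root privileges. Softaculous 4.x Vendor patch: Softaculous 4.3.8 fixes this vulnerability; users are advised to download and use it: http://www.softaculous.com/softaculous/...
DirectAdmin 'CMD_DOMAIN' Cross-Site Scripting Vulnerability
Bugtraq ID: 52848 CVE ID: CVE-2012-5305 DirectAdmin is a powerful online management system for virtual hosting. JBMC Software DirectAdmin CMD_DOMAIN has a cross-site scripting vulnerability that allows attackers to inject arbitrary web script or HTML via the domain parameter, which can be used to obtain sensitive information or hijack user sessions. JBMC Software DirectAdmin 1.403 Vendor solution: no detailed solution is currently available: http://directadmin.com/...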
CVE-2012-5305
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter...
CVE-2012-5305
The CVE-2012-5305 entry concerns JBMC Software DirectAdmin 1.403, with the vulnerable component CMD_DOMAIN. The root cause is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML by supplying a manipulated domain parameter. The documentation explic...