183 matches found
CVE-2007-3501
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508...
CVE-2007-3501
DirectAdmin CMD_USER_STATS has an XSS vulnerability in versions 1.30.1 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the domain parameter (a separate vector from CVE-2007-1508). The connected records confirm the affected component and vector but do not provide...
DirectAdmin XSS vuln.
DirectAdmin XSS vuln. Vuln. discovered by: r0t; Date: 28 June 2007; Vendor: http://www.directadmin.com; Original advisory: http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html; Affected versions: v1.30.1 and previous. DirectAdmin contains a flaw that allows a remote Cross-Site Scripting...
Cross site scripting
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent...
CVE-2007-1926
CVE-2007-1926 affects JBMC Software DirectAdmin before 1.293. The vulnerability arises because DirectAdmin does not properly display log files, enabling cross-site scripting (XSS) via user-controlled input logged in multiple files (e.g., /var/log/directadmin/security.log, /var/log/messages, /var/...
DirectAdmin persistent XSS [takeover an Administrator's account]
Subject: DirectAdmin persistent XSS [takeover an Administrator's account]; Version: DirectAdmin 1.29.3; Discovered by: Kanedaaa: http://kaneda.bohater.net; DirectAdmin Description: DirectAdmin is a popular, advanced Web Control Panel with many features for webhosting. www.directadmin.com...
directadmin1293-xss.txt
Subject: DirectAdmin persistent XSS [takeover an Administrator's account] + Version: alert'0wned:'+escapedocument.cookie; Lines in log files: mainlog: 2007-03-23 19:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983...
CVE-2007-1508
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983...
CVE-2007-1508
CVE-2007-1508 concerns DirectAdmin, specifically the CMD_USER_STATS component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. The description confirms an XSS flaw in DirectAdmin’s user stats handlin...
DirectAdmin Cross Site Scripting XSS
-=Fusi0n Group=- Script name .....: DirectAdmin Script site .....: http://directadmin.com Release Date ....: 15/03/2007 Version .........: All Find by .........: Mandr4ke Contact .........: Mandr4ke.rootatgmail.com Greetings .......: Fusi0nGroup & DevilTeam & Nof...
DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting. source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
CVE-2006-5983
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET...
CVE-2006-5983
CVE-2006-5983 concerns DirectAdmin 1.28.1 with multiple reflected XSS vectors. The connected PTSecurity entry details that remote authenticated users can inject arbitrary script/HTML via a range of parameters and commands: user parameter to CMD SHOW RESELLER/SHOW USER (Admin level); TYPE paramete...