
239 matches found

CNNVD
added 2024/11/11 12:0 a.m. · 0 views

Acronis Multiple Products Security Vulnerability

Acronis Backup plugin for cPanel & WHM Linux, etc. is a plugin from Acronis Switzerland. A security vulnerability exists in various Acronis products that stems from improper handling of symbolic links, resulting in arbitrary file overwrites during recovery. The following products and versions are...

5.5 CVSS · 5.6 AI score · 0.00101 EPSS
Exploits: 0 · References: 3
BDU FSTEC
added 2024/09/18 12:0 a.m. · 1 views

A vulnerability in the backup and data restoration plugins of Acronis Backup software for computers and servers, built for environments such as cPanel & WHM, Plesk, and DirectAdmin running on Linux operating systems, allows attackers to gain increased privileges.

The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers, as well as for cPanel & WHM, Plesk, and DirectAdmin operating systems on Linux, is related to errors in privilege management. Exploiting this vulnerability can allow attackers to...

9.9 CVSS · 7.8 AI score · 0.00383 EPSS
Exploits: 0 · References: 2
NVD
added 2024/09/17 9:15 a.m. · 20 views

CVE-2024-8767

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 619, Acronis Backup extension for Plesk Linux before build 555, Acronis Backup plugin for DirectAdmin Linux before...

9.9 CVSS · 0.00383 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/09/17 8:51 a.m. · 16 views

CVE-2024-8767

Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM Linux before build 619, Acronis Backup extension for Plesk Linux before build 555, Acronis Backup plugin for DirectAdmin Linux before...

9.9 CVSS · 6.9 AI score · 0.00383 EPSS
Exploits: 0 · References: 1
CVE
added 2024/09/17 8:51 a.m. · 81 views

CVE-2024-8767

CVE-2024-8767 affects Acronis Backup plugins/extensions for Linux: cPanel & WHM plugin (pre-619), Plesk extension (pre-555), and DirectAdmin plugin (pre-147). Root cause is unnecessary privilege assignment that enables sensitive data disclosure and data manipulation with network access and low pr...

9.9 CVSS · 7.1 AI score · 0.00383 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/09/17 12:0 a.m. · 2 views

Acronis Multiple Products Security Vulnerability

Acronis Backup plugin for cPanel & WHM Linux, etc. is a plugin from Acronis Switzerland. A security vulnerability exists in various Acronis products, which stems from an unnecessary privilege assignment leading to the disclosure of sensitive data. The following products and versions are affected:...

9.9 CVSS · 9.1 AI score · 0.00383 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/04/29 12:0 a.m. · 2 views

PT-2024-9769 · Directadmin +3 · Directadmin +5

Name of the Vulnerable Software and Affected Versions: Acronis Backup plugin for cPanel & WHM Linux versions before build 818; Acronis Backup extension for Plesk Linux versions before build 599; Acronis Backup plugin for DirectAdmin Linux versions before build 181. Description: The issue is related ...

5.5 CVSS · 7.4 AI score · 0.00101 EPSS
Exploits: 0 · References: 9
Hacker One
added 2020/02/08 11:17 p.m. · 7 views

Endless Group: Weak Password Policy via DirectAdmin Password Change Functionality

The product did not require users to have strong passwords, making it easier for attackers to compromise user accounts...

7 AI score
Exploits: 0
OSV
added 2019/04/30 7:29 p.m. · 1 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.1 CVSS · 5.8 AI score
Exploits: 0 · References: 3
NVD
added 2019/04/30 7:29 p.m. · 9 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.8 CVSS · 8.5 AI score · 0.01231 EPSS
Exploits: 5 · References: 3
Prion
added 2019/04/30 7:29 p.m. · 17 views

Cross-site request forgery (CSRF)

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

6.8 CVSS · 8.4 AI score · 0.01231 EPSS
Exploits: 5 · References: 3 · Affected Software: 1
Cvelist
added 2019/04/30 6:36 p.m. · 11 views

CVE-2019-11193

The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel...

8.6 AI score · 0.01231 EPSS
Exploits: 5 · References: 3
CVE
added 2019/04/30 6:36 p.m. · 84 views

CVE-2019-11193

CVE-2019-11193 affects InfinitumIT DirectAdmin up to and including v1.561. The FileManager component is vulnerable to XSS via the endpoints CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER, which attackers can trigger to bypass CSRF protection and potentially take over the administration pa...

6.8 CVSS · 8.4 AI score · 0.01231 EPSS
Exploits: 5 · References: 3 · Affected Software: 1
Positive Technologies
added 2019/04/30 12:0 a.m. · 3 views

PT-2019-12174

Name of the Vulnerable Software and Affected Versions: InfinitumIT DirectAdmin versions prior to v1.561. Description: The issue concerns the FileManager in InfinitumIT DirectAdmin, where an attacker can exploit XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER. This allows the attacker ...

6.8 CVSS · 6.3 AI score · 0.01231 EPSS
Exploits: 5 · References: 6
Exploit DB
added 2019/04/15 12:0 a.m. · 165 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server <= v1.561 | Date: 12.04.2019 | Author: InfinitumIT | Vendor Homepage: https://www.directadmin.com/ | Version: Up to v1.561. | CVE: CVE-2019-11193 | [email protected] && infinitumit.com.tr | Description: Multiple security vulnerabilities ha...

6.8 CVSS · 8.9 AI score · 0.01231 EPSS
Exploits: 5
exploitpack
added 2019/04/15 12:0 a.m. · 28 views

DirectAdmin 1.561 - Multiple Vulnerabilities

DirectAdmin 1.561 - Multiple Vulnerabilities | Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server <= v1.561 | Date: 12.04.2019 | Author: InfinitumIT | Vendor Homepage: https://www.directadmin.com/ | Version: Up to v1.561. | CVE: CVE-2019-11193 | [email protected] && infinitumit.com.tr...

6.8 CVSS · 0.4 AI score · 0.01231 EPSS
Exploits: 5
0day.today
added 2019/04/15 12:0 a.m. · 50 views

DirectAdmin 1.561 - Multiple Vulnerabilities

Exploit for php platform in category web applications | Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server <= v1.561 | Author: InfinitumIT | Vendor Homepage: https://www.directadmin.com/ | Version: Up to v1.561. | CVE: CVE-2019-11193 | email protected && infinitumit.com.tr | Description: Multipl...

0.2 AI score · 0.01231 EPSS
Exploits: 5
Packet Storm
added 2019/04/12 12:0 a.m. · 202 views

DirectAdmin 1.561 Cross Site Scripting

Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server <= v1.561 | Date: 12.04.2019 | Author: Numan OZDEMIR | Vendor Homepage: https://www.directadmin.com/ | Version: Up to v1.561. | CVE: CVE-2019-11193 | [email protected] && [email protected] | Detailed:...

8.9 AI score · 0.01231 EPSS
Exploits: 5
0day.today
added 2019/03/10 12:0 a.m. · 190 views

DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications | Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel | Exploit Author: ManhNho | Vendor Homepage: https://www.directadmin.com/ | Software Link: https://www.directadmin.com/ | Demo Link: https://www.directadmin.com:2222/CMD_ACCOUNT_ADM...

6.8 CVSS · 8.7 AI score · 0.00245 EPSS
Exploits: 5
Exploit DB
added 2019/03/08 12:0 a.m. · 73 views

DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery

Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel | Date: 03/03/2019 | Exploit Author: ManhNho | Vendor Homepage: https://www.directadmin.com/ | Software Link: https://www.directadmin.com/ | Demo Link: https://www.directadmin.com:2222/CMD_ACCOUNT_ADMIN | Version: 1.55 | CVE: CVE-2019-9625...

8.8 CVSS · 8.8 AI score · 0.00245 EPSS
Exploits: 5