CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple cross-site scripting XSS vulnerabilities in CMDDOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the 1 select0 or 2 select8 parameters...

4.3CVSS5.6AI score0.0024EPSS

Exploits2References1

NVD•added 2019/03/07 3:29 p.m.•14 views

CVE-2019-9625

JBMC DirectAdmin 1.55 allows CSRF via the /CMDACCOUNTADMIN URI to create a new admin account...

8.8CVSS8.6AI score0.00245EPSS

Exploits5References2

Cvelist•added 2019/03/07 3:0 p.m.•18 views

CVE-2019-9625

JBMC DirectAdmin 1.55 allows CSRF via the /CMDACCOUNTADMIN URI to create a new admin account...

8.7AI score0.00245EPSS

Exploits5References2

CVE•added 2019/03/07 3:0 p.m.•83 views

CVE-2019-9625

DirectAdmin 1.55 is vulnerable to a Cross-Site Request Forgery (CSRF) via the CMD_ACCOUNT_ADMIN URI, enabling an attacker to create a new admin account. The flaw is triggered in scenarios where an authenticated admin visits a crafted page or form that issues a POST to /CMD_ACCOUNT_ADMIN, as descr...

8.8CVSS8.6AI score0.00245EPSS

Exploits5References2Affected Software1

CNVD•added 2018/01/24 12:0 a.m.•6 views

Unspecified Vulnerability in JBMC DirectAdmin

JBMC DirectAdmin is a server visual management panel from JBMC Software Canada. A security vulnerability exists in JBMC DirectAdmin versions prior to 1.52. A remote attacker can exploit this vulnerability by sending a request to gain access or cause a denial of service segmentation error...

9.8CVSS7AI score0.00727EPSS

Exploits0References1

Prion•added 2018/01/21 7:29 a.m.•10 views

Design/Logic Flaw

JBMC DirectAdmin before 1.52, when the emailftppasswordchange setting is nonzero, allows remote attackers to obtain access or cause a denial of service segfault via an unspecified request...

7.5CVSS9.1AI score0.00727EPSS

Exploits0References1Affected Software1

OSV•added 2018/01/21 7:29 a.m.•2 views

CVE-2017-18045

JBMC DirectAdmin before 1.52, when the emailftppasswordchange setting is nonzero, allows remote attackers to obtain access or cause a denial of service segfault via an unspecified request...

9.8CVSS5.8AI score

Exploits0References1

CVE•added 2018/01/21 7:0 a.m.•87 views

CVE-2017-18045

CVE-2017-18045 affects JBMC DirectAdmin prior to 1.52. When the email_ftp_password_change setting is nonzero, remote attackers can obtain access or cause a denial of service (segmentation fault) via an unspecified request. Connected sources corroborate the description across Red Hat and CNVD entr...

9.8CVSS9.1AI score0.00727EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/01/21 7:0 a.m.•11 views

CVE-2017-18045

JBMC DirectAdmin before 1.52, when the emailftppasswordchange setting is nonzero, allows remote attackers to obtain access or cause a denial of service segfault via an unspecified request...

9.3AI score0.00727EPSS

Exploits0References1

seebug.org•added 2012/10/10 12:0 a.m.•36 views

DirectAdmin 'CMD_DOMAIN'跨站脚本漏洞

Bugtraq ID:52848 CVE ID:CVE-2012-5305 DirectAdmin是一款功能强大的虚拟主机在线管理系统 JBMC Software DirectAdmin CMDDOMAIN存在跨站脚本漏洞，允许攻击者通过domain参数注入任意WEB脚本或HTML，可获得敏感信息或劫持用户会话 0 JBMC Software DirectAdmin 1.403 厂商解决方案目前没有详细解决方案提供： http://directadmin.com/...

4.3CVSS6.7AI score0.00285EPSS

Exploits1

Prion•added 2012/10/06 10:55 p.m.•17 views

Cross site scripting

Cross-site scripting XSS vulnerability in CMDDOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter...

4.3CVSS6.1AI score0.00285EPSS

Exploits1References4Affected Software1

CVE•added 2012/10/06 10:0 p.m.•43 views

CVE-2012-5305

The CVE-2012-5305 entry concerns JBMC Software DirectAdmin 1.403, with the vulnerable component CMD_DOMAIN. The root cause is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML by supplying a manipulated domain parameter. The documentation explic...

4.3CVSS5.9AI score0.00285EPSS

Exploits1References4Affected Software1

NVD•added 2012/07/03 10:55 p.m.•15 views

CVE-2012-3842

4.3CVSS5.5AI score0.0024EPSS

Exploits2References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by