8 matches found
EUVD-2008-4164
Malware in sbrugna...
CVE-2008-4181
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot or absolute pathname in the...
Directory traversal
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot or absolute pathname in the...
CVE-2008-4181
The CVE-2008-4181 vulnerability affects the Netenberg Fantastico De Luxe module for cPanel (before 2.10.4 r19). It is a directory traversal in includes/xml.php that allows remote authenticated users to include and execute arbitrary local files via the fantasticopath parameter, using .. or absolut...
CVE-2008-4181
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. dot dot or absolute pathname in the...
CVE-2004-2398
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5...
CVE-2004-2398
Vulnerability summary (CVE-2004-2398): Netenberg Fantastico De Luxe 2.8 stores database file names that reveal usernames because file names in the database directory are readable. This enables local attackers to enumerate valid usernames by listing files under /var/lib/mysql, where permissions we...
CVE-2004-2398
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5...