WHMCompleteSolution 3.x/4.x Multiple Vulnerabilities

No description provided by source. $b0x WHMCS WHMCompleteSolution 3.x / 4.x Multiple Vulnerability ! $b0x ZxH-Labs $b0x 1st-NOV-11 $b0x Www.Sec4ever.coM $b0x WH-03 On Windows IIS 6.0 ======================================================== b0x@1337b0x:/b0x/Exploits/WebAPP whoami ZxH-Labs |...

WHMCS 4.x - invoicefunctions.php?id SQL Injection

WHMCS 4.x - invoicefunctions.php?id SQL Injection Title: WHMCS 4.x SQL Injection Vulnerability Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php‎"‎ Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Date: 14/5/2013 Vendor: http://www.whmcs.com Version: 4.5....

CVE-2012-0693

submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...

Design/Logic Flaw

submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...

CVE-2012-0693

WHMCS/WHMCompleteSolution 5.03 is affected by CVE-2012-0693: submitticket.php allows remote attackers to inject code into the ticket subject via crafted data, due to improper handling of characters in the subject field. This is a separate issue from CVE-2011-5061. The vendor notes overlap with CV...

CVE-2012-0693

submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...

CVE-2011-4810

Multiple directory traversal vulnerabilities in WHMCompleteSolution WHMCS 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to 1 submitticket.php and 2 downloads.php, and 3 the report parameter to admin/reports.php...

Directory traversal

Multiple directory traversal vulnerabilities in WHMCompleteSolution WHMCS 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to 1 submitticket.php and 2 downloads.php, and 3 the report parameter to admin/reports.php...

WHMCompleteSolution 3.x/4.x - Multiple Vulnerabilities

$b0x WHMCS WHMCompleteSolution 3.x / 4.x Multiple Vulnerability ! $b0x ZxH-Labs $b0x 1st-NOV-11 $b0x Www.Sec4ever.coM $b0x WH-03 On Windows IIS 6.0 ======================================================== b0x@1337b0x:/b0x/Exploits/WebAPP whoami ZxH-Labs | Www.Sec4ever.coM...

CVE-2010-1702

CVE-2010-1702 : Affected software is WHMCompleteSolution (WHMCS) 4.2. The vulnerability is a SQL injection in submitticket.php via the deptid parameter, allowing remote attackers to execute arbitrary SQL commands. This can impact confidentiality, integrity, and availability as described by the NV...