Lucene search
K

38 matches found

securityvulns
securityvulns
added 2007/02/08 12:0 a.m.83 views

Ability to inject and execute any code as root in SysCP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The System Control Panel www.SysCP.org -= Security Advisory =- Advisory: Ability to inject and execute any code as root in SysCP Release Date: 2007/02/02 Last Modified: 2007/02/07 Author: Florian Lippert [email protected] Application: SysCP =...

0.6AI score
Exploits0
Packet Storm
Packet Storm
added 2007/02/08 12:0 a.m.38 views

syscp1215-exec.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The System Control Panel www.SysCP.org -= Security Advisory =- Advisory: Ability to inject and execute any code as root in SysCP Release Date: 2007/02/02 Last Modified: 2007/02/07 Author: Florian Lippert Application: SysCP and only affects SysCP 1.2.1...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2007/02/07 12:0 a.m.16 views

SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution

SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the...

0.9AI score
Exploits0
Exploit DB
Exploit DB
added 2007/02/07 12:0 a.m.22 views

SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution

source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the compromise of the computer. NOTE: To exploit this issue, an attacker must...

7.4AI score
Exploits0
NVD
NVD
added 2006/01/09 11:3 a.m.13 views

CVE-2006-0132

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. dot dot and a trailing null in the webftplanguage parameter...

5CVSS7.2AI score0.01598EPSS
Exploits0References5
CVE
CVE
added 2006/01/09 11:0 a.m.39 views

CVE-2006-0132

CVE-2006-0132 describes a directory traversal in SysCP WebFTP 1.2.6 (and possibly earlier) where an attacker can manipulate the webftp_language parameter with a “..” sequence and a trailing null to cause local PHP scripts to be included/executed, and potentially read other files. The vulnerabilit...

5CVSS7.3AI score0.01598EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2006/01/08 12:0 a.m.32 views

webftpInclude.txt

SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY Thomas Henlich DESCRIPTION Thomas Henlich has discovered a vulnerability in WebFTP, which can be used by remote attackers to disclose potentially sensitive information and to compromise a vulnerable system. Input passed to the "webftplanguage"...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/01/07 12:0 a.m.37 views

SysCP WebFTP local file inclusion vulnerability

SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY Thomas Henlich DESCRIPTION Thomas Henlich has discovered a vulnerability in WebFTP, which can be used by remote attackers to disclose potentially sensitive information and to compromise a vulnerable system. Input passed to the "webftplanguage"...

1.7AI score
Exploits0
Cvelist
Cvelist
added 2005/08/16 4:0 a.m.26 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "" and "" curly bracket characters, which are processed by the PHP eval function...

7.7AI score0.01572EPSS
Exploits0References3
NVD
NVD
added 2005/08/16 4:0 a.m.20 views

CVE-2005-2567

PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...

7.5CVSS7.6AI score0.01528EPSS
Exploits0References3
NVD
NVD
added 2005/08/16 4:0 a.m.22 views

CVE-2005-2568

Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "" and "" curly bracket characters, which are processed by the PHP eval function...

7.5CVSS7.7AI score0.01572EPSS
Exploits0References3
CVE
CVE
added 2005/08/16 4:0 a.m.48 views

CVE-2005-2567

CVE-2005-2567 affects SysCP 1.2.10 and earlier. The vulnerability is a PHP remote file inclusion via the language parameter, enabling an attacker to execute arbitrary PHP code on the server. The issue is documented in the CVE entry and corroborated by related advisories; no explicit exploit detai...

7.5CVSS7.7AI score0.01528EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/08/16 4:0 a.m.69 views

CVE-2005-2568

CVE-2005-2568 describes an eval-injection vulnerability in SysCP's template engine affecting SysCP 1.2.10 and earlier. An attacker can supply a string containing code inside { and } that is processed by PHP eval, enabling remote execution of arbitrary PHP. The NVD CVSS data rates impact as PARTIA...

7.5CVSS7.8AI score0.01572EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2005/08/16 4:0 a.m.22 views

CVE-2005-2567

PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...

7.6AI score0.01528EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2005/08/10 12:0 a.m.33 views

SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities

The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'registerglobals' setting is enabled, an attacker can exploit the...

7.5CVSS6.2AI score0.01572EPSS
Exploits0References3
securityvulns
securityvulns
added 2005/08/08 12:0 a.m.20 views

[Full-disclosure] Advisory 13/2005: Remote code execution in SysCP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Remote code execution in SysCP Release Date: 2005/08/09 Last Modified: 2005/08/08 Author: Christopher Kunz [email protected] Application: SysCP 1.2.10 and prio...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2005/08/08 12:0 a.m.15 views

SysCP 1.2.x - Multiple Script Execution Vulnerabilities

SysCP 1.2.x - Multiple Script Execution Vulnerabilities source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. ...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2005/08/08 12:0 a.m.29 views

SysCP 1.2.x - Multiple Script Execution Vulnerabilities

source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute i...

7.4AI score
Exploits0
Rows per page
Query Builder