38 matches found
Ability to inject and execute any code as root in SysCP
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The System Control Panel www.SysCP.org -= Security Advisory =- Advisory: Ability to inject and execute any code as root in SysCP Release Date: 2007/02/02 Last Modified: 2007/02/07 Author: Florian Lippert [email protected] Application: SysCP =...
syscp1215-exec.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The System Control Panel www.SysCP.org -= Security Advisory =- Advisory: Ability to inject and execute any code as root in SysCP Release Date: 2007/02/02 Last Modified: 2007/02/07 Author: Florian Lippert Application: SysCP and only affects SysCP 1.2.1...
SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution
SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the...
SYSCP 1.2.15 - System Control Panel CronJob Arbitrary Code Execution
source: https://www.securityfocus.com/bid/22453/info SysCP is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with superuser privileges, resulting in the compromise of the computer. NOTE: To exploit this issue, an attacker must...
CVE-2006-0132
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. dot dot and a trailing null in the webftplanguage parameter...
CVE-2006-0132
CVE-2006-0132 describes a directory traversal in SysCP WebFTP 1.2.6 (and possibly earlier) where an attacker can manipulate the webftp_language parameter with a “..” sequence and a trailing null to cause local PHP scripts to be included/executed, and potentially read other files. The vulnerabilit...
webftpInclude.txt
SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY Thomas Henlich DESCRIPTION Thomas Henlich has discovered a vulnerability in WebFTP, which can be used by remote attackers to disclose potentially sensitive information and to compromise a vulnerable system. Input passed to the "webftplanguage"...
SysCP WebFTP local file inclusion vulnerability
SYSCP WEBFTP LOCAL FILE INCLUSION VULNERABILITY Thomas Henlich DESCRIPTION Thomas Henlich has discovered a vulnerability in WebFTP, which can be used by remote attackers to disclose potentially sensitive information and to compromise a vulnerable system. Input passed to the "webftplanguage"...
CVE-2005-2568
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "" and "" curly bracket characters, which are processed by the PHP eval function...
CVE-2005-2567
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...
CVE-2005-2568
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "" and "" curly bracket characters, which are processed by the PHP eval function...
CVE-2005-2567
CVE-2005-2567 affects SysCP 1.2.10 and earlier. The vulnerability is a PHP remote file inclusion via the language parameter, enabling an attacker to execute arbitrary PHP code on the server. The issue is documented in the CVE entry and corroborated by related advisories; no explicit exploit detai...
CVE-2005-2568
CVE-2005-2568 describes an eval-injection vulnerability in SysCP's template engine affecting SysCP 1.2.10 and earlier. An attacker can supply a string containing code inside { and } that is processed by PHP eval, enabling remote execution of arbitrary PHP. The NVD CVSS data rates impact as PARTIA...
CVE-2005-2567
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter...
SysCP < 1.2.11 Multiple Script Command Execution Vulnerabilities
The remote host is running SysCP, an open source control panel written in PHP. The version of SysCP installed on the remote host uses user-supplied input to several variables in various scripts without sanitizing it. Provided PHP's 'registerglobals' setting is enabled, an attacker can exploit the...
[Full-disclosure] Advisory 13/2005: Remote code execution in SysCP
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Remote code execution in SysCP Release Date: 2005/08/09 Last Modified: 2005/08/08 Author: Christopher Kunz [email protected] Application: SysCP 1.2.10 and prio...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
SysCP 1.2.x - Multiple Script Execution Vulnerabilities source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. ...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. An attacker can include remote script code and execute i...