7 matches found
VHCS 2.4.7.1 - vhcs2_daemon Remote Code Execution
VHCS 2.4.7.1 - vhcs2daemon Remote Code Execution !/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller...
VHCS 2.4.7.1 - 'vhcs2_daemon' Remote Code Execution
!/usr/bin/php -q http://acid-root.new.fr/ [email protected] Exploit: + Logged in Administrator + The administrator has 2 resellers / Changing dareseller's password / Trying to connect as dareseller:thatpwnz + Login successful + The reseller has 2 users + Host domaintest.fr is connected /...
Session fixation
Session fixation vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter...
Design/Logic Flaw
adduser.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access...
CVE-2006-0683
Cross-site scripting XSS vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...
CVE-2006-0686
adduser.php in Virtual Hosting Control System VHCS 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access...
CVE-2006-0683
Cross-site scripting XSS vulnerability in Virtual Hosting Control System VHCS 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...