46 matches found
EUVD-2005-4230
Malware in sbrugna...
EUVD-2011-4728
Malware in sbrugna...
CVE-2011-4810
Multiple directory traversal vulnerabilities in WHMCompleteSolution WHMCS 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php...
CVE-2011-4813
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution WHMCS 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter...
WHMCompleteSolution (WHMCS) Detection (HTTP)
HTTP based detection of WHMCompleteSolution WHMCS. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
WHMCS control (WHMCompleteSolution) SQL Injection
No description provided by source. Info: Software: WHMCS control WHMCompleteSolution Sql Injection Vulnerability: Remote Sql Injection Google Dork: Powered by WHMCompleteSolution - or inurl:WHMCS Off. site: www.MiXaTy.com...
WHMCompleteSolution 3.x/4.x Multiple Vulnerabilities
No description provided by source. $b0x WHMCS WHMCompleteSolution 3.x / 4.x Multiple Vulnerability ! $b0x ZxH-Labs $b0x 1st-NOV-11 $b0x Www.Sec4ever.coM $b0x WH-03 On Windows IIS 6.0 ======================================================== b0x@1337b0x:/b0x/Exploits/WebAPP whoami ZxH-Labs |...
WHMCompleteSolution (WHMCS) 5.12 - 'cart.php' Denial of Service
/ source: https://www.securityfocus.com/bid/65470/info WHMCS is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to cause denial-of-service condition, denying service to legitimate users. WHMCS 5.12 is vulnerable; other versions may also be affected. /...
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
WHMCompleteSolution WHMCS 5.2.8 - SQL Injection Exploit Title: WHMCS 5.2.8 SQL Injection Google Dork: "powered by WHMCS" Date: 10/18/2013 Exploit Author: g00n Xploiter.net Vendor Homepage: http://www.whmcs.com/ Software Link: http://www.whmcs.com/ Version: 5.2.8 Tested on: Windows, Linux Vulnerab...
WHMCompleteSolution (WHMCS) 5.2.7 - SQL Injection
WHMCompleteSolution WHMCS 5.2.7 - SQL Injection !/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = '[email protected]' just create a dummie account at /register.php userpwd =...
Vulnerabilities in multiple web applications with GDD FLVPlayer
Hello 3APA3A! These are Content Spoofing and Cross-Site Scripting vulnerabilities in multiple web applications with GDD FLVPlayer. Earlier I've written about vulnerabilities in GDD FLVPlayer http://seclists.org/fulldisclosure/2013/Aug/247. This is video and audio player, which is used at thousands...
WHMCS 4.x - invoicefunctions.php?id SQL Injection
WHMCS 4.x - invoicefunctions.php?id SQL Injection Title: WHMCS 4.x SQL Injection Vulnerability Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Date: 14/5/2013 Vendor: http://www.whmcs.com Version: 4.5....
WHMCompleteSolution (WHMCS) Group Pay Plugin 1.5 - 'grouppay.php?hash' SQL Injection
Title: WHMCS grouppay plugin SQL Injection = 1.5 Author: HJauditing Employee Tim E-mail: [email protected] Web: http://hjauditing.com/ Plugin: http://kadeo.com.au/design-and-development/whmcs-dev/whmcs-modules/72-group-pay.html ============ Introduction ============ We have found a SQL injection...
WHMCompleteSolution (WHMCS) - 'boleto_bb.php' SQL Injection
source: https://www.securityfocus.com/bid/53711/info WHMCS (WHM Complete Solution) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Design/Logic Flaw
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
Design/Logic Flaw
functions.php in WHMCompleteSolution WHMCS 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field...
CVE-2012-0693
submitticket.php in WHMCompleteSolution WHMCS 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it...
CVE-2011-5061
CVE-2011-5061 affects WHMCS (WHMCompleteSolution) 4.0.x–5.0.x. The vulnerability lies in functions.php allowing remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket with weaponized subject data, due to improper handling of characters....
Directory traversal
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution WHMCS 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter...
CVE-2011-4810
CVE-2011-4810 describes multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x. The issue allows remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php, (2) downloads.php, and via the report parameter to admin/reports.php. ...