12 matches found
EUVD-2012-5568
Malware in sbrugna...
EUVD-2012-5567
Malware in sbrugna...
EUVD-2013-7277
Malware in sbrugna...
CVE-2013-10052
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell...
CVE-2013-10052 ZPanel zsudo Local Privilege Escalation
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell...
CVE-2013-10053
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...
CVE-2013-10053
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...
CVE-2013-10053 ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...
CVE-2013-10053
CVE-2013-10053 describes a remote command execution in ZPanel 10.0.0.2’s htpasswd module. The inHTUsername field is passed unsanitized to a system() call that invokes htpasswd, allowing an authenticated attacker (Users/Resellers/Administrators) to inject shell metacharacters and execute arbitrary...
CVE-2013-10053 ZPanel <= 10.0.0.2 htpasswd Module Username Command Execution
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system call that invokes the system’s htpasswd binary. By injecting shell metacharacters into the username field, an...
PT-2025-31689 · Zpanel · Zpanel
Name of the Vulnerable Software and Affected Versions: ZPanel version 10.0.0.2 Description: A remote command execution issue exists in the htpasswd module. The inHTUsername field, when creating .htaccess files, is passed to a system call without proper sanitization, which invokes the system’s...
ZPanel <= 2.5 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================== ZPanel = 2.5 Remote SQL Injection Exploit ========================================== Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10,...