Lucene search: Directadmin

14 matches found

CVE, added 2018/01/21 7:00 a.m., 87 views

CVE-2017-18045

CVE-2017-18045 affects JBMC DirectAdmin prior to 1.52. When the email_ftp_password_change setting is nonzero, remote attackers can obtain access or cause a denial of service (segmentation fault) via an unspecified request. Connected sources corroborate the description across Red Hat and CNVD entr...

9.8 CVSS, 9.1 AI score, 0.00727 EPSS
CVE, added 2019/04/30 6:36 p.m., 84 views

CVE-2019-11193

CVE-2019-11193 affects InfinitumIT DirectAdmin up to and including v1.561. The FileManager component is vulnerable to XSS via the endpoints CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER, which attackers can trigger to bypass CSRF protection and potentially take over the administration pa...

6.8 CVSS, 8.4 AI score, 0.01231 EPSS
CVE, added 2019/03/07 3:00 p.m., 81 views

CVE-2019-9625

DirectAdmin 1.55 is vulnerable to a Cross-Site Request Forgery (CSRF) via the CMD_ACCOUNT_ADMIN URI, enabling an attacker to create a new admin account. The flaw is triggered in scenarios where an authenticated admin visits a crafted page or form that issues a POST to /CMD_ACCOUNT_ADMIN, as descr...

8.8 CVSS, 8.6 AI score, 0.00245 EPSS
Web
CVE, added 2009/05/05 8:00 p.m., 52 views

CVE-2009-1526

CVE-2009-1526 affects JBMC Software DirectAdmin versions prior to 1.334. The vulnerability is a local privilege issue where an attacker can create or overwrite arbitrary files via a symlink attack on a temporary file used in the CMD_DB script during a backup action. The root cause is improper han...

6.9 CVSS, 6.6 AI score, 0.00474 EPSS
CVE, added 2007/06/30 1:00 a.m., 50 views

CVE-2007-3501

DirectAdmin CMD_USER_STATS has an XSS vulnerability in versions 1.30.1 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the domain parameter (a separate vector from CVE-2007-1508). The connected records confirm the affected component and vector but do not provide...

4.3 CVSS, 5.7 AI score, 0.00507 EPSS
CVE, added 2007/03/20 10:00 a.m., 48 views

CVE-2007-1508

CVE-2007-1508 concerns DirectAdmin, specifically the CMD_USER_STATS component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. The description confirms an XSS flaw in DirectAdmin’s user stats handlin...

4.3 CVSS, 5.6 AI score, 0.00474 EPSS
CVE, added 2007/09/12 7:00 p.m., 48 views

CVE-2007-4830

The CVE-2007-4830 entry describes a Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN affecting DirectAdmin 1.30.2 and earlier. The underlying issue allows an attacker to inject arbitrary web script or HTML via the user parameter. According to the NVD entry, the impact is limite...

4.3 CVSS, 5.7 AI score, 0.00411 EPSS
CVE, added 2006/11/20 9:00 p.m., 47 views

CVE-2006-5983

CVE-2006-5983 concerns DirectAdmin 1.28.1 with multiple reflected XSS vectors. The connected PTSecurity entry details that remote authenticated users can inject arbitrary script/HTML via a range of parameters and commands: user parameter to CMD SHOW RESELLER/SHOW USER (Admin level); TYPE paramete...

6 CVSS, 5.4 AI score, 0.0047 EPSS
CVE, added 2012/07/03 10:00 p.m., 46 views

CVE-2012-3842

CVE-2012-3842 affects JBMC Software DirectAdmin 1.403, with multiple XSS flaws in CMD_DOMAIN that allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the select0 or select8 parameters. The connected PT-2012-5038 entry provides concrete details on af...

4.3 CVSS, 5.5 AI score, 0.0024 EPSS
Web
CVE, added 2007/04/10 11:00 p.m., 44 views

CVE-2007-1926

CVE-2007-1926 affects JBMC Software DirectAdmin before 1.293. The vulnerability arises because DirectAdmin does not properly display log files, enabling cross-site scripting (XSS) via user-controlled input logged in multiple files (e.g., /var/log/directadmin/security.log, /var/log/messages, /var/...

6.8 CVSS, 5.5 AI score, 0.02012 EPSS
CVE, added 2012/10/06 10:00 p.m., 43 views

CVE-2012-5305

The CVE-2012-5305 entry concerns JBMC Software DirectAdmin 1.403, with the vulnerable component CMD_DOMAIN. The root cause is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML by supplying a manipulated domain parameter. The documentation explic...

4.3 CVSS, 5.9 AI score, 0.00285 EPSS
CVE, added 2009/05/05 8:00 p.m., 40 views

CVE-2009-1525

DirectAdmin (JBMC Software) CMD_DB vulnerability CVE-2009-1525 affects DirectAdmin before 1.334. Remote authenticated users can gain privileges by supplying shell metacharacters in the name parameter during a restore action. Root cause involves processing of shell metacharacters in the restore wo...

8.5 CVSS, 6.7 AI score, 0.01006 EPSS
CVE, added 2009/06/25 9:00 p.m., 39 views

CVE-2009-2216

DirectAdmin 1.33.6 and earlier contains an XSS in CMD_REDIRECT usable via the view=advanced URI parameter. Exploitation could allow remote attackers to inject arbitrary script/HTML. The issue is documented under CVE-2009-2216 across multiple feeds; affected product is DirectAdmin with versions up...

6.1 CVSS, 5.9 AI score, 0.02777 EPSS
CVE, added 2025/10/03 12:00 a.m., 18 views

CVE-2025-56551

DirectAdmin Evolution Skin (v1.680) is affected. A crafted GET request can cause the page layout to be modified and replace the legitimate login interface with attacker-controlled content. Root cause is unspecified in the documents beyond content manipulation; exploitation status is not detailed....

8.2 CVSS, 6.6 AI score, 0.00054 EPSS