CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4830
https://notcve.org/view.php?id=CVE-2007-4830
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en CMD_BANDWIDTH_BREAKDOWN en DirectAdmin 1.30.2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user. • http://osvdb.org/36999 http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html http://secunia.com/advisories/26742 http://www.securityfocus.com/bid/25607 https://exchange.xforce.ibmcloud.com/vulnerabilities/36510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3501
https://notcve.org/view.php?id=CVE-2007-3501
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CMD_USER_STATS en DirectAdmin 1.30.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro domain, un vector diferente de CVE-2007-1508. • http://osvdb.org/36339 http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html http://secunia.com/advisories/25881 http://www.securityfocus.com/bid/24688 http://www.vupen.com/english/advisories/2007/2389 https://exchange.xforce.ibmcloud.com/vulnerabilities/35177 •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-1926
https://notcve.org/view.php?id=CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin anterior a 1.293 no muestra adecuadamente los ficheros de log, lo cual permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante peticiones (1) http o (2) ftp almacenadas en /var/log/directadmin/security.log; (3) permite a atacantes dependientes del contexto inyectar secuencias de comandos web o HTML de su elección en /var/log/messages mediante una secuencia de comandos PHP que invoca a /usr/bin/logger; (4) permite a usuarios locales inyectar secuencias de comandos web o HTML de su elección en /var/log/messages invocando /usr/bin/logger desde la linea de comandos; y permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante peticiones remotas almacenadas en los ficheros de log (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, y (11) /var/log/directadmin/security.log • http://secunia.com/advisories/24728 http://securityreason.com/securityalert/2534 http://www.directadmin.com/features.php?id=760 http://www.directadmin.com/versions.php http://www.securityfocus.com/archive/1/464471/100/100/threaded http://www.securityfocus.com/bid/23254 https://exchange.xforce.ibmcloud.com/vulnerabilities/33390 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 9CVE-2006-5983 – DirectAdmin 1.28/1.29 - 'CMD_EMAIL_FORWARDER_MODIFY' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5983
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin 1.28.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) usuario (user) de (a) CMD_SHOW_RESELLER o (b) CMD_SHOW_USER en el nivel de administrador (Admin level); el parámetro (2) TYPE de (c) CMD_TICKET_CREATE o (d) CMD_TICKET, el parámetro (3) usuario (user) de (e) CMD_EMAIL_FORWARDER_MODIFY, (g) CMD_EMAIL_VACATION_MODIFY, o (g) CMD_FTP_SHOW, y el parámetro (4) nombre (name) de (h) CMD_EMAIL_LIST en el nivel de usuario (User level); o el parámetro (5) usuario (user) de (i) CMD_SHOW_USER en el nivel de revendedor (Reseller level). • https://www.exploit-db.com/exploits/29002 https://www.exploit-db.com/exploits/29005 https://www.exploit-db.com/exploits/29004 https://www.exploit-db.com/exploits/29006 https://www.exploit-db.com/exploits/28999 https://www.exploit-db.com/exploits/29000 https://www.exploit-db.com/exploits/29003 https://www.exploit-db.com/exploits/29001 http://aria-security.net/advisory/directadmin.txt http://securityreason.com/securityalert/1885 http://www.securityfocus.com/archive/1/4 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2153
https://notcve.org/view.php?id=CVE-2006-2153
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. • http://secunia.com/advisories/19885 http://securityreason.com/securityalert/830 http://www.aria-security.net/advisory/hm/directadmin.txt http://www.securityfocus.com/archive/1/432459/100/0/threaded http://www.vupen.com/english/advisories/2006/1576 •