CVE-2009-2216 – DirectAdmin 1.33.6 - 'CMD_REDIRECT' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2216
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CMD_REDIRECT en DirectAdmin v1.33.6 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante la URI en una petición view=advanced. • https://www.exploit-db.com/exploits/33048 http://pridels-team.blogspot.com/2009/06/directadmin-v1336-xss-vuln.html http://secunia.com/advisories/35525 http://www.securityfocus.com/bid/35450 http://www.vupen.com/english/advisories/2009/1663 https://exchange.xforce.ibmcloud.com/vulnerabilities/51292 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-1526 – DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation
https://notcve.org/view.php?id=CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. JBMC Software DirectAdmin anterior a v1.334 permite a usuarios locales crear o sobreescribir cualquier fichero a través de un ataque de enlace simbólico en un directorio temporal concreto, relacionada con una petición para ese fichero temporal en PATH_INFO en la secuencia de comandos CMD_DB durante una acción de copia de seguridad. • https://www.exploit-db.com/exploits/32947 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html http://osvdb.org/54014 http://secunia.com/advisories/34861 http://www.directadmin.com/features.php?id=968 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2009-1525
https://notcve.org/view.php?id=CVE-2009-1525
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. CMD_DB en JBMC Software DirectAdmin anterior a v1.334 permite a usuarios remotos autenticados conseguir privilegios a través de metacaracteres del interprete de comandos en el parámetro "name" durante una acción "restore". • http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html http://osvdb.org/54015 http://secunia.com/advisories/34861 http://www.directadmin.com/features.php?id=968 https://exchange.xforce.ibmcloud.com/vulnerabilities/50167 • CWE-20: Improper Input Validation •
CVE-2007-4830
https://notcve.org/view.php?id=CVE-2007-4830
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en CMD_BANDWIDTH_BREAKDOWN en DirectAdmin 1.30.2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user. • http://osvdb.org/36999 http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html http://secunia.com/advisories/26742 http://www.securityfocus.com/bid/25607 https://exchange.xforce.ibmcloud.com/vulnerabilities/36510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-3501
https://notcve.org/view.php?id=CVE-2007-3501
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CMD_USER_STATS en DirectAdmin 1.30.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro domain, un vector diferente de CVE-2007-1508. • http://osvdb.org/36339 http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html http://secunia.com/advisories/25881 http://www.securityfocus.com/bid/24688 http://www.vupen.com/english/advisories/2007/2389 https://exchange.xforce.ibmcloud.com/vulnerabilities/35177 •