Page 2 of 9 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en CMD_BANDWIDTH_BREAKDOWN en DirectAdmin 1.30.2 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user. • http://osvdb.org/36999 http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html http://secunia.com/advisories/26742 http://www.securityfocus.com/bid/25607 https://exchange.xforce.ibmcloud.com/vulnerabilities/36510 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en CMD_USER_STATS en DirectAdmin 1.30.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro domain, un vector diferente de CVE-2007-1508. • http://osvdb.org/36339 http://pridels-team.blogspot.com/2007/06/directadmin-xss-vuln.html http://secunia.com/advisories/25881 http://www.securityfocus.com/bid/24688 http://www.vupen.com/english/advisories/2007/2389 https://exchange.xforce.ibmcloud.com/vulnerabilities/35177 •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin anterior a 1.293 no muestra adecuadamente los ficheros de log, lo cual permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante peticiones (1) http o (2) ftp almacenadas en /var/log/directadmin/security.log; (3) permite a atacantes dependientes del contexto inyectar secuencias de comandos web o HTML de su elección en /var/log/messages mediante una secuencia de comandos PHP que invoca a /usr/bin/logger; (4) permite a usuarios locales inyectar secuencias de comandos web o HTML de su elección en /var/log/messages invocando /usr/bin/logger desde la linea de comandos; y permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante peticiones remotas almacenadas en los ficheros de log (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, y (11) /var/log/directadmin/security.log • http://secunia.com/advisories/24728 http://securityreason.com/securityalert/2534 http://www.directadmin.com/features.php?id=760 http://www.directadmin.com/versions.php http://www.securityfocus.com/archive/1/464471/100/100/threaded http://www.securityfocus.com/bid/23254 https://exchange.xforce.ibmcloud.com/vulnerabilities/33390 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. • http://secunia.com/advisories/19885 http://securityreason.com/securityalert/830 http://www.aria-security.net/advisory/hm/directadmin.txt http://www.securityfocus.com/archive/1/432459/100/0/threaded http://www.vupen.com/english/advisories/2006/1576 •