Page 3 of 14 results (0.002 seconds)

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin anterior a 1.293 no muestra adecuadamente los ficheros de log, lo cual permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante peticiones (1) http o (2) ftp almacenadas en /var/log/directadmin/security.log; (3) permite a atacantes dependientes del contexto inyectar secuencias de comandos web o HTML de su elección en /var/log/messages mediante una secuencia de comandos PHP que invoca a /usr/bin/logger; (4) permite a usuarios locales inyectar secuencias de comandos web o HTML de su elección en /var/log/messages invocando /usr/bin/logger desde la linea de comandos; y permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante peticiones remotas almacenadas en los ficheros de log (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, y (11) /var/log/directadmin/security.log • http://secunia.com/advisories/24728 http://securityreason.com/securityalert/2534 http://www.directadmin.com/features.php?id=760 http://www.directadmin.com/versions.php http://www.securityfocus.com/archive/1/464471/100/100/threaded http://www.securityfocus.com/bid/23254 https://exchange.xforce.ibmcloud.com/vulnerabilities/33390 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el CMD_USER_STATS del DirectAdmin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro RESULT, vulnerabilidad diferente a la CVE-2006-5983. • https://www.exploit-db.com/exploits/29747 http://osvdb.org/34273 http://secunia.com/advisories/24551 http://www.securityfocus.com/archive/1/463003/100/0/threaded http://www.securityfocus.com/bid/22996 http://www.vupen.com/english/advisories/2007/1037 https://exchange.xforce.ibmcloud.com/vulnerabilities/33023 •

CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 9

Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin 1.28.1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) usuario (user) de (a) CMD_SHOW_RESELLER o (b) CMD_SHOW_USER en el nivel de administrador (Admin level); el parámetro (2) TYPE de (c) CMD_TICKET_CREATE o (d) CMD_TICKET, el parámetro (3) usuario (user) de (e) CMD_EMAIL_FORWARDER_MODIFY, (g) CMD_EMAIL_VACATION_MODIFY, o (g) CMD_FTP_SHOW, y el parámetro (4) nombre (name) de (h) CMD_EMAIL_LIST en el nivel de usuario (User level); o el parámetro (5) usuario (user) de (i) CMD_SHOW_USER en el nivel de revendedor (Reseller level). • https://www.exploit-db.com/exploits/29002 https://www.exploit-db.com/exploits/29005 https://www.exploit-db.com/exploits/29004 https://www.exploit-db.com/exploits/29006 https://www.exploit-db.com/exploits/28999 https://www.exploit-db.com/exploits/29000 https://www.exploit-db.com/exploits/29003 https://www.exploit-db.com/exploits/29001 http://aria-security.net/advisory/directadmin.txt http://securityreason.com/securityalert/1885 http://www.securityfocus.com/archive/1/4 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. • http://secunia.com/advisories/19885 http://securityreason.com/securityalert/830 http://www.aria-security.net/advisory/hm/directadmin.txt http://www.securityfocus.com/archive/1/432459/100/0/threaded http://www.vupen.com/english/advisories/2006/1576 •