CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6513
https://notcve.org/view.php?id=CVE-2017-6513
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL. El WHMCS Reseller Module V2 2.0.2 en Softaculous Virtualizor en versiones anteriores a 2.9.1.0 no verifica correctamente al usuario, lo que permite a usuarios remotos autenticados controlar otras máquinas virtuales gestionadas a través de Virtualizor accediendo a una URL modificada. • http://www.virtualizor.com/blog/?p=1551 https://gist.github.com/sedrubal/a83fa22f1091025a5c1a14aabd711ad7 • CWE-275: Permission Issues •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6043 – Webuzo 2.1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-6043
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests. La función de login en Softaculous Webuzo anterior a 2.1.4 proporciona mensajes diferentes de error para intentos de autenticación inválidas dependiendo de si la cuenta de usuario existe, lo que permite a atacantes remotos enumerar los nombres de usuario a través de peticiones en serie. • https://www.exploit-db.com/exploits/31982 http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2013-6041 – Webuzo 2.1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-6041
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action. index.php en Softaculous Webuzo anterior a 2.1.4 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en una cookie SOFTCookies dentro de la acción login. • https://www.exploit-db.com/exploits/31982 http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched https://web.archive.org/web/20140126212101/http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1CVE-2013-6042 – Webuzo 2.1.3 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-6042
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. Vulnerabilidad de XSS en filemanager/login.php del módulo File Manager en Softaculous Webuzo anterior a la versión 2.1.4 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro user. • https://www.exploit-db.com/exploits/31982 http://osvdb.org/99203 http://www.baesystemsdetica.com.au/Research/Advisories/Webuzo-Multiple-Vulnerabilities-%28DS-2013-007%29 http://www.securityfocus.com/bid/63464 http://www.softaculous.com/board/index.php?tid=4526&title=Webuzo_2.1.4_Launched • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •