
CVSS: 8.6 | EPSS: % | CPEs: 1 | EXPL: 0

Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.
• References: https://cert.pl/en/posts/2024/12/CVE-2024-10385 https://www.directadmin.com/evolution.php
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 2

JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account. DirectAdmin version 1.55 suffers from a cross-site request forgery vulnerability.
• References: https://www.exploit-db.com/exploits/46520 https://github.com/ManhNho/CVEs/blob/master/New-Requests/DirectAdmin-CSRF
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.
• References: https://www.directadmin.com/features.php?id=2036

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
• References: http://archives.neohapsis.com/archives/bugtraq/2012-04/0034.html http://www.securityfocus.com/bid/52848 http://www.vulnerability-lab.com/get_content.php?id=486 https://exchange.xforce.ibmcloud.com/vulnerabilities/74569
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.4 | EPSS: 0% | CPEs: 37 | EXPL: 2

Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
• References: https://www.exploit-db.com/exploits/18225 http://forum.configserver.com/viewtopic.php?f=4&t=5008 http://www.configserver.com/free/csf/changelog.txt http://www.exploit-db.com/exploits/18225 https://exchange.xforce.ibmcloud.com/vulnerabilities/71758
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer