CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2019-11193 – DirectAdmin 1.561 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11193
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel. El FileManager en InfinitumIT DirectAdmin a través de la versión 1.561 presenta XSS de CMD_FILE_MANAGER, CMD_SHOW_USER y CMD_SHOW_RESELLER; un atacante puede omitir la protección CSRF con esto, y tomar el control del panel de administración. DirectAdmin versions 1.561 and below suffer from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/46694 http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html https://numanozdemir.com/respdisc/directadmin.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.9EPSS: 0%CPEs: 115EXPL: 1CVE-2009-1526 – DirectAdmin 1.33.3 - '/CMD_DB' Backup Action Insecure Temporary File Creation
https://notcve.org/view.php?id=CVE-2009-1526
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. JBMC Software DirectAdmin anterior a v1.334 permite a usuarios locales crear o sobreescribir cualquier fichero a través de un ataque de enlace simbólico en un directorio temporal concreto, relacionada con una petición para ese fichero temporal en PATH_INFO en la secuencia de comandos CMD_DB durante una acción de copia de seguridad. • https://www.exploit-db.com/exploits/32947 http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html http://osvdb.org/54014 http://secunia.com/advisories/34861 http://www.directadmin.com/features.php?id=968 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.5EPSS: 0%CPEs: 115EXPL: 1CVE-2009-1525
https://notcve.org/view.php?id=CVE-2009-1525
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. CMD_DB en JBMC Software DirectAdmin anterior a v1.334 permite a usuarios remotos autenticados conseguir privilegios a través de metacaracteres del interprete de comandos en el parámetro "name" durante una acción "restore". • http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0228.html http://osvdb.org/54015 http://secunia.com/advisories/34861 http://www.directadmin.com/features.php?id=968 https://exchange.xforce.ibmcloud.com/vulnerabilities/50167 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-1926
https://notcve.org/view.php?id=CVE-2007-1926
Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JBMC Software DirectAdmin anterior a 1.293 no muestra adecuadamente los ficheros de log, lo cual permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante peticiones (1) http o (2) ftp almacenadas en /var/log/directadmin/security.log; (3) permite a atacantes dependientes del contexto inyectar secuencias de comandos web o HTML de su elección en /var/log/messages mediante una secuencia de comandos PHP que invoca a /usr/bin/logger; (4) permite a usuarios locales inyectar secuencias de comandos web o HTML de su elección en /var/log/messages invocando /usr/bin/logger desde la linea de comandos; y permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante peticiones remotas almacenadas en los ficheros de log (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, y (11) /var/log/directadmin/security.log • http://secunia.com/advisories/24728 http://securityreason.com/securityalert/2534 http://www.directadmin.com/features.php?id=760 http://www.directadmin.com/versions.php http://www.securityfocus.com/archive/1/464471/100/100/threaded http://www.securityfocus.com/bid/23254 https://exchange.xforce.ibmcloud.com/vulnerabilities/33390 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1508 – DirectAdmin 1.292 - 'CMD_USER_STATS' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1508
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el CMD_USER_STATS del DirectAdmin permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro RESULT, vulnerabilidad diferente a la CVE-2006-5983. • https://www.exploit-db.com/exploits/29747 http://osvdb.org/34273 http://secunia.com/advisories/24551 http://www.securityfocus.com/archive/1/463003/100/0/threaded http://www.securityfocus.com/bid/22996 http://www.vupen.com/english/advisories/2007/1037 https://exchange.xforce.ibmcloud.com/vulnerabilities/33023 •