CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote root command execution.
5a8b5c22b6f88d4b23b7a0d7443350b170fd00adeeb921e879705dd19fe1cdd5Nike+ Panel and Mobile App suffers from multiple cross site scripting vulnerabilities.
318952fc36f8ecd15a627349d8609286daecfc86c7dc03596b132349ec1fbeedThis is a php script that takes a list of sites and password possibilities and runs as a cracker against Joomla administrative panels.
974b9077b4f38d6b7f57f47c692af49a1e15451c3a0e96836e451c9e45bcb875Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
02f37f360dac212fc971b316fb483fdb2f286cf0500b33dcd6659f153fdbcbc9Secunia Security Advisory - A weakness has been reported in WebsitePanel, which can be exploited by malicious people to conduct spoofing attacks.
1b22ddae90dea114d9c07c5bccf01976d5ca97c72c731e6d0c71dd91ad3e6b46WebsitePanel CMS versions prior to 1.2.2.1 suffer from an open redirection vulnerability.
f3d18a3cdffa39c307617de82222186276ef53444e6663c5f876e672f7f6a760SPIP Core versions below and equal to 3.0.1, 2,1.14, and 2.0.19 suffer from a cross site scripting vulnerability in the administrative panel.
5f46f70dfcbb4a11ad71960db80676cb97a1e1a148304daa9c476926ffe35c25Secunia Security Advisory - Two vulnerabilities with unknown impacts have been reported in cPanel.
ca727ec168a9f8600763ef4ea9dd4060dd567a97c5f9e361bcc22dfd4f8f4e5eThis is a php script called Private Cpanel Cracker. It takes in a site list and a word list.
9010f814de78bf1a146d22d4d389da8a9ffa95ac443a2a0ba005711f250c5e96LiteSpeed versions 4.1.11 and below suffer from a cross site scripting vulnerability in the admin panel.
4673c5fc0a1d5af35f49f2fe5b245398727d8205e95e7aa7d94b7620983fabbcSecunia Security Advisory - A vulnerability has been reported in Parallels Plesk Panel, which can be exploited by malicious people to conduct SQL injection attacks.
25eb28f694bc47be7ded7a5b133263b7d7d8b252f5303fa2a187951b39df91574Images version 1.7.10 suffers from a cross site scripting vulnerability in the administrative panel.
7dd9e0133074644527dd2a56ecee765075f79c519bfc221648d9e2b3e5b1b2f4Secunia Security Advisory - A vulnerability has been reported in the Panels module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
17ecb270298f2ff0544eeedc80dda4aa6a50e7e093c81336aab464a35cc4eb2eThe administrative panel for WordPress Blog on WordPress.com suffers from a reflective cross site scripting vulnerability.
87662fc54e7b6298ff08f7317f1a8410dcbb4c6454b35404b18429d6ada48103Mandriva Linux Security Advisory 2011-198 - Multiple vulnerabilities has been found and corrected in phpmyadmin. Importing a specially-crafted XML file which contains an XML entity injection permits to retrieve a local file (limited by the privileges of the user running the web server). Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS payload can be saved to this directory. Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.
849717620dc582e004cf04bfa3adddb6224bed65bd3093ac4c8205f2f134c230Debian Linux Security Advisory 2365-1 - Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services.
c7cba6fb7804a5597351848ffd009742a6b93472da3c1efa132f5c69371f0c94Secunia Security Advisory - Parallels has acknowledged two vulnerabilities in Parallels Plesk Panel, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service).
9d188efb4c603546de8b62417f9eb98035504a439a2c8ae4f792bc04dc395821Secunia Security Advisory - David Hoyt has reported multiple vulnerabilities in Parallels Plesk Panel, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
207fd84d743b9aa7c67d5b5d2dc72fce9e60bad86c024f4fd6ef5d36e02a2eacSecunia Security Advisory - David Hoyt has reported multiple vulnerabilities in Plesk and Parallels Plesk Panel, which can be exploited by malicious people to conduct cross-site scripting attacks.
761622afc21f3d2c7f2fee0623d3217866029e7b0fb1a3d348aa71f04a707ec1Easy Hosting Control Panel suffers from an administrative authentication bypass vulnerability. Versions 0.29.10 through 0.29.13 are affected.
70f8f483c68391abc1a3e3a8348e75effc0054c71381b430a6300cfba9349ebdPlesk Parallels Panel version psa 10.2.0_build1011110331.18 suffers from cross site scripting, denial of service, and remote SQL injection vulnerabilities.
f8a05ab963a17008a7c169a3468ed60df81d6029eee3e497be0b082eda8537e5This advisory is the result of research into how clickjacking can be leveraged and is the first published clickjacking exploit against a popular web application to gain OS command execution. WordPress is a web application used to create a website or blog. The WordPress Admin panel can be clickjacked to install an arbitrary plugin from the WordPress plugin archive which leads to arbitrary PHP code installation and subsequently OS command execution. Versions of WordPress prior to 3.1.3 are vulnerable to clickjacking. WordPress has had clickjacking protection since May, 2011 with the release of version 3.1.3, however no specific threat or exploit has been published.
6d655b5582b4862af9ad5082596a3a125309795b934f84d6bc8af6fa078b4321Plesk Control Panel version 102 suffers from a cross site scripting vulnerability.
9ce94f018b6a159b2536c30e1849e01d5740c9bd9318fe2e6a86e92ad9d7fff7cPanel versions prior to 11.30.2 suffer from multiple cross site request forgery vulnerabilities.
90f0d7a9552cefb98aff3d09aeee4c26b57e9040c90fde907b903f4c64245c46SeoPanel version 3.0.0-Released suffers from cross site request forgery vulnerabilities.
464551f78c733a2e2751dff93434b7b57eddabf46ba37964516ef1196ee46c9eByethost Cpanel suffers from a cross site request forgery vulnerability.
ab7232e1a064b6353a804d935d08d59ec6886f0915f9232a0c789f414704a465
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed