

Title WebHost Manager Multiple Cross-Site Scripting Vulnerabilities
Published 2006-11-25-12:00AM
Updated 2006-11-28-07:49PM
Class Input Validation Error
CVE  
Remote  Yes
Local  No
Credit  Aria-Security is credited with the discovery of these vulnerabilities.
Vulnerable  cPanel WebHost Manager 3.1
Not Vulnerable  
Code   Attackers can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com:2086/scripts2/dochangeemail?user=demo&domain=demo.com&email=XSS
http://www.example.com:2086/cgi/addon_configsupport.cgi?cgiaction=save&supportaddy=Domain.name&emailpipecmd=Domain.name&displaybrowserbody=1&displaybrowsersubject=1&displaydomainbody=1&displaydomainsubject=1&displayhostnamebody=1&displayhostnamesubject=1&displayipbody=1&displayipsubject=1&displayuserbody=1&displayusersubject=1&type=redirect&supporturl=XSS
http://www.example.com:2086/scripts/editpkg?pkg=XSS
http://www.example.com:2086/scripts2/domts2?domain=XSS
http://www.example.com:2086/scripts/editzone?domain=XSS
http://www.example.com:2086/scripts2/dofeaturemanager?action=addfeature&feature=XSS
http://www.example.com:2086/scripts/park?domain=demo.com&ndomain=XSS
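
A defender-side check for the requests listed above, as an added example that is not part of the original advisory: it flags access-log entries in which one of the listed parameters carries HTML metacharacters after URL decoding. The combined log format, the names WATCHED, suspicious_params and SAMPLE_LOG, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path -> parameter pairs taken from the proof-of-concept URIs in this advisory.
WATCHED = {
    "/scripts2/dochangeemail": "email",
    "/cgi/addon_configsupport.cgi": "supporturl",
    "/scripts/editpkg": "pkg",
    "/scripts2/domts2": "domain",
    "/scripts/editzone": "domain",
    "/scripts2/dofeaturemanager": "feature",
    "/scripts/park": "ndomain",
}

# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = re.compile(r"[<>\"'`]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return [(path, param, decoded_value)] for watched params carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    param = WATCHED.get(url.path)
    if param is None:
        return []
    # parse_qs percent-decodes once, so double-encoded input is not caught here.
    values = parse_qs(url.query, keep_blank_values=True).get(param, [])
    return [(url.path, param, v) for v in values if HTML_META.search(v)]


# Constructed sample entries (documentation IP range, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - root [25/Nov/2006:10:00:00 +0000] "GET /scripts/editpkg?pkg=gold_plan HTTP/1.1" 200 5120',
    '192.0.2.44 - root [25/Nov/2006:10:00:05 +0000] "GET /scripts/editpkg?pkg=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5133',
    '192.0.2.44 - root [25/Nov/2006:10:00:09 +0000] "GET /scripts/park?domain=demo.com&ndomain=%22%3E%3Ci%3Ex HTTP/1.1" 200 4410',
    '192.0.2.10 - root [25/Nov/2006:10:00:12 +0000] "GET /scripts2/domts2?domain=demo.com HTTP/1.1" 200 3900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, param, value in suspicious_params(line):
            print(f"markup in {param!r} on {path}: {value!r}")
```

A hit only shows that markup was submitted to one of the listed parameters; whether it was reflected unescaped still has to be confirmed against the response.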

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 05:19:03 +0000
