cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
Wednesday, 16 January 2008
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jan 16 2008 12:00AM
Updated: Jan 16 2008 06:39PM
Credit:
The Aria-Security Team is credited with the discovery of this vulnerability.
Vulnerable:
cPanel cPanel 0
Not Vulnerable:
Description:
cPanel is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects unknown versions of cPanel; we will update this BID when more details become available.
Exploit:
An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.
Solution:
Currently SecuMania is not aware of any solution for this issue.
If you are aware of more recent information, please mail us at: vul[at]SecuMania.org.
References:
Source: