Vulnerabilities > Jbmc Software
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-03 | CVE-2012-3842 | Cross-Site Scripting vulnerability in Jbmc-Software Directadmin 1.403 Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. | 4.3 |
2009-06-25 | CVE-2009-2216 | Cross-Site Scripting vulnerability in Jbmc-Software Directadmin Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request. | 4.3 |
2009-05-05 | CVE-2009-1526 | Link Following vulnerability in Jbmc-Software Directadmin JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action. | 6.9 |
2009-05-05 | CVE-2009-1525 | Improper Input Validation vulnerability in Jbmc-Software Directadmin CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action. | 8.5 |
2007-04-10 | CVE-2007-1926 | HTML Injection vulnerability in DirectAdmin Logfile Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML via (1) http or (2) ftp requests logged in /var/log/directadmin/security.log; (3) allows context-dependent attackers to inject arbitrary web script or HTML into /var/log/messages via a PHP script that invokes /usr/bin/logger; (4) allows local users to inject arbitrary web script or HTML into /var/log/messages by invoking /usr/bin/logger at the command line; and allows remote attackers to inject arbitrary web script or HTML via remote requests logged in the (5) /var/log/exim/rejectlog, (6) /var/log/exim/mainlog, (7) /var/log/proftpd/auth.log, (8) /var/log/httpd/error_log, (9) /var/log/httpd/access_log, (10) /var/log/directadmin/error.log, and (11) /var/log/directadmin/security.log files. network jbmc-software | 6.8 |
2007-03-20 | CVE-2007-1508 | Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.293 Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983. network jbmc-software | 4.3 |
2006-11-20 | CVE-2006-5983 | Cross-Site Scripting vulnerability in Jbmc Software Directadmin 1.28.1 Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. network jbmc-software | 6.0 |
2006-05-03 | CVE-2006-2153 | Cross-Site Scripting vulnerability in DirectAdmin Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. network jbmc-software | 4.3 |