Home >Unlabelled > C - Panel "fileop" Parameter Handling Cross Site Scripting Vulnerability
C - Panel "fileop" Parameter Handling Cross Site Scripting Vulnerability
Posted on 23 Desember 2009 by c0decstuff
Title : cPanel "fileop" Parameter Handling Cross Site Scripting Vulnerability
VUPEN ID : VUPEN/ADV-2009-3608
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : VUPEN VNS Only
CVSS V2 : VUPEN VNS Only
Rated as : Low Risk
A vulnerability has been identified in cPanel, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error in the "frontend/x3/files/fileop.html" script when processing the "fileop" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
for Affected Product, Solution, References, Credits, Log, Details Vurnerability managemen visit to vupen
Update:advisories 2009-12-21
Total Pageviews
Labels
- Android (1)
- Aplication (14)
- ARP (1)
- Backdoored (2)
- Browser (1)
- Cloud (1)
- Exploitation (1)
- Exploits (7)
- Facebook (2)
- forensics (3)
- Hacking (11)
- Hijacking (1)
- Honeypot (1)
- HTML5 (1)
- ios (2)
- Jailbreak (2)
- Linux (1)
- Malware (5)
- metasploit (2)
- Meterpreter (1)
- Movie (1)
- Networking (1)
- News (2)
- password attack (2)
- Penetration Test (2)
- Python (1)
- reverse engineering (1)
- Rootkits (1)
- Security (12)
- shellcode (2)
- Stuxnet/Duqu (2)
- Uncategories (1)
- Virus (1)
- Vulnerability (8)
- Web (5)
- Wifi (1)
- Windows (5)
Blog Archive
-
▼
09
(18)
-
▼
Des
(18)
- How To Tap Mobile Phones
- Web applications security vulnerabilities summary ...
- Vurnerability Guestbook 3.50 Admin
- FindDomains v0.1.1(tools)
- Simple PHP Blog 'blog_language1' Parameter Local F...
- XSS. Vulnerability in JpGraph 3.0.6
- WordPress Exploit Scanner Perfect tool to find Ifr...
- C - Panel "fileop" Parameter Handling Cross Site S...
- discovery checkingfor ssl vulnerabilities on the c...
- Adobe Acrobat and Acrobat Reader Remote Code Execu...
- New Wave of SQL Injection Attacks
- Exposing HMS HICP Protocol + 0Day 'light' + SCADA_...
- Microsoft IIS FTP 5.0 Remote SYSTEM Exploit
- JM CMS 1.0 SQL Injection Vulnerability
- Remote Admin Vulnerability PHPXref 0.6
- Microsoft releases password attack data
- backtrack 4 Release
- sslstrip+ettercap+arpspoo f =pwned
-
▼
Des
(18)
Friendlist
Security Resources
-
-
-
This feed contains no entries
-
-
-
-
-
-
-
-
-