Jbmc-software » Directadmin » 1.24 : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.
Max CVSS
4.3
EPSS Score
0.49%
Published
2009-06-25
Updated
2017-08-17
JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.
Max CVSS
6.9
EPSS Score
0.05%
Published
2009-05-05
Updated
2010-03-29
CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.
Max CVSS
8.5
EPSS Score
0.57%
Published
2009-05-05
Updated
2017-08-17
3 vulnerabilities found