Written by Presoon John   
Saturday, 16 February 2008

CPanel: Script Insertion and Cross-Site Scripting Vulnerability

 

Although Secunia rated this as a “less critical” vulnerability, it has not been fixed in the public builds. Successful exploitation requires that “XSRF protection”, found in WHM’s Tweak Settings under the Security section, is disabled.

SECUNIA ADVISORY: SA33990

The vulnerabilities were reported and explained by a security researcher on his blog at skeptikal.org. They are best explained by the site itself:


1: The .contactemail file in the user’s home directory

You can read more at http://skeptikal.org/index.php?entry=entry080805-140000

2: Passing input via /scripts2/confdkillproc

You can read more at http://skeptikal.org/index.php?entry=entry080809-180834

This has been fixed in the Edge and Current builds, versions 11.24.4 and 11.24.7, with a build ID greater than 34195. See http://layer2.cpanel.net/
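As an added example (not code from this article, the researcher's blog or cPanel), the following check flags `.contactemail` files whose contents are not plain e-mail addresses, so an administrator can look for inserted markup behind the first issue. The comma- or newline-separated file format, the size limit and the `<home_root>/<user>/` layout are assumptions, and the sample tree in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the file holds one or more plain addresses, comma or newline separated.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Characters and patterns that have no place in an address but matter in HTML.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
MAX_BYTES = 4096  # assumption: generous upper bound for a contact-address file

def classify(raw: bytes) -> str:
    """Return 'ok', 'markup', 'oversize' or 'invalid' for one file's contents."""
    if len(raw) > MAX_BYTES:
        return "oversize"
    text = raw.decode("utf-8", errors="replace")
    if MARKUP_RE.search(text):
        return "markup"
    entries = [e.strip() for e in re.split(r"[,\n]", text) if e.strip()]
    return "ok" if all(EMAIL_RE.match(e) for e in entries) else "invalid"

def audit(home_root) -> list:
    """Check <home_root>/<user>/.contactemail for every user; list the suspect ones."""
    findings = []
    for path in sorted(Path(home_root).glob("*/.contactemail")):
        if path.is_symlink() or not path.is_file():
            findings.append((path.parent.name, "not-regular-file"))
            continue
        with path.open("rb") as fh:
            verdict = classify(fh.read(MAX_BYTES + 1))  # bounded read
        if verdict != "ok":
            findings.append((path.parent.name, verdict))
    return findings

def demo() -> list:
    """Run the audit over a constructed home tree (sample data, not real accounts)."""
    samples = {
        "alice": b"alice@example.com\n",
        "bob": b"bob@example.com<b>x</b>\n",
        "carol": b"no address here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for user, content in samples.items():
            (Path(root) / user).mkdir()
            (Path(root) / user / ".contactemail").write_bytes(content)
        return audit(root)

if __name__ == "__main__":
    for user, verdict in demo():
        print(f"{user}: {verdict}")
```

On a server, call `audit()` with the directory that holds the account home directories; a finding is a prompt for manual review, not proof of tampering.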


Last Updated ( Sunday, 01 March 2009 )
 