Written by Presoon John
Saturday, 16 February 2008
CPanel: Script Insertion and Cross-Site Scripting Vulnerability
Even though Secunia rated this as a “less critical” vulnerability, this error is not fixed in the public builds. Successful exploitation requires that the “XSRF protection” option in WHM’s Tweak Settings, under the Security section, is disabled.

SECUNIA ADVISORY: SA33990

The vulnerabilities were reported and explained by a security researcher in his blog at skeptikal.org. They are best explained on that site itself:
1: The .contactemail file in the user’s home directory. You can read more at http://skeptikal.org/index.php?entry=entry080805-140000
2: Passing input via /scripts2/confdkillproc. You can read more at http://skeptikal.org/index.php?entry=entry080809-180834

This has been fixed in the Edge and Current builds, versions 11.24.4 and 11.24.7, with a build ID greater than 34195.
http://layer2.cpanel.net/
Last Updated (Sunday, 01 March 2009)














