Vulnerabilites related to netenberg - fantastico_de_luxe
Vulnerability from fkie_nvd
Published
2009-07-02 10:30
Modified
2024-11-21 00:57
Severity ?
Summary
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netenberg | fantastico_de_luxe | * | |
| cpanel | cpanel | 11 | |
| cpanel | cpanel | 11.4.19 | |
| cpanel | cpanel | 11.8.6 | |
| cpanel | cpanel | 11.8.6_stable | |
| cpanel | cpanel | 11.16 | |
| cpanel | cpanel | 11.18 | |
| cpanel | cpanel | 11.18.1 | |
| cpanel | cpanel | 11.18.2 | |
| cpanel | cpanel | 11.18.3 | |
| cpanel | cpanel | 11.18.4 | |
| cpanel | cpanel | 11.19.3 | |
| cpanel | cpanel | 11.21 | |
| cpanel | cpanel | 11.21 | |
| cpanel | cpanel | 11.22 | |
| cpanel | cpanel | 11.22.1 | |
| cpanel | cpanel | 11.22.2 | |
| cpanel | cpanel | 11.22.3 | |
| cpanel | cpanel | 11.23.1 | |
| cpanel | cpanel | 11.23.1_current |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11:*:*:*:*:*:*:*",
"matchCriteriaId": "DDFCB83D-77D1-4782-8741-C6AD089DE488",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC97216-E9A0-467B-86D7-8F4DB146220C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6:stable:*:*:*:*:*:*",
"matchCriteriaId": "3CB69DCF-617E-4E3F-8494-9C74626DF262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6_stable:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E24B1A-A25F-4ADB-906B-A346F782E821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*",
"matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "064D2D20-2410-4BF5-BEAB-B0FEA6858814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.21:*:*:*:*:*:*:*",
"matchCriteriaId": "80CEE914-DB4B-4777-B8BD-A8EAE6526E1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*",
"matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*",
"matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.22.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E3915A3-45AA-4B53-9990-2FED41439D63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1:current:*:*:*:*:*:*",
"matchCriteriaId": "45F18137-728C-421A-BF9D-15CB576F67CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1_current:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C35162-E9F6-4B8F-925E-19E5779095D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a trav\u00e9s de ..(punto punto) en el par\u00e1metro sup3r."
}
],
"id": "CVE-2008-6843",
"lastModified": "2024-11-21T00:57:36.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-02T10:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32578"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-23 15:25
Modified
2024-11-21 00:51
Severity ?
Summary
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r12:*:*:*:*:*:*",
"matchCriteriaId": "4B99C027-CBB4-4A94-9452-7917AFC58040",
"versionEndIncluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r11:*:*:*:*:*:*",
"matchCriteriaId": "42512974-FBDC-422C-95C9-D03DAC7E4B1B",
"versionEndIncluding": "2.8.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r17:*:*:*:*:*:*",
"matchCriteriaId": "CDBD9A1C-CF43-443F-9C1F-E56218EA1DA7",
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r8:*:*:*:*:*:*",
"matchCriteriaId": "AAFC3E06-EF98-44A4-80A9-CFB564F3E6FB",
"versionEndIncluding": "2.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r46:*:*:*:*:*:*",
"matchCriteriaId": "CA9BDC49-E107-4F64-83C7-F2E3B03397E6",
"versionEndIncluding": "2.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:r18:*:*:*:*:*:*",
"matchCriteriaId": "874628CD-4324-4DEE-8346-B0047BE16587",
"versionEndIncluding": "2.10.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "7D2B45D1-5CB1-4782-94D8-0A34AA474BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "FE02D9CA-593E-4165-AB45-E9AFE9766A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r11:*:*:*:*:*:*",
"matchCriteriaId": "F651A5A9-814D-460F-B152-92CCBEC70BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "BCFDEC0C-7D48-4B5E-BCB5-8ED9920A0E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "19BA26EB-BE73-43EE-8B88-86441ED9D717",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "383930D3-683B-4242-AAE0-B332A53FB930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "AB6C4E2A-0661-4281-A6AF-16658B9C3EF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r6:*:*:*:*:*:*",
"matchCriteriaId": "AFE68872-8E34-4518-8787-11B82EF8980F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r7:*:*:*:*:*:*",
"matchCriteriaId": "E7F98AFB-5777-4BA5-B44F-8B6B0BD550B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r8:*:*:*:*:*:*",
"matchCriteriaId": "FC478E94-0C8F-4BD7-A919-227D7978914D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.2:r9:*:*:*:*:*:*",
"matchCriteriaId": "928F493E-230B-46AC-9593-DB8338B5ADA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "EAF9198B-14F3-4677-A951-10E4BBB3E9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "C79BDF33-C5BE-43E8-8CEB-E5A166FD5902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "A9336D90-28C1-47FB-8600-F0AFEAD30F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r4:*:*:*:*:*:*",
"matchCriteriaId": "11B6D029-2FD1-4093-9885-41EB4BF626DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r5:*:*:*:*:*:*",
"matchCriteriaId": "080891D0-6303-438C-A6C2-484F2D313475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r6:*:*:*:*:*:*",
"matchCriteriaId": "5BEA0AB4-71D5-4792-89BD-15B82EC2A6D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.4:r7:*:*:*:*:*:*",
"matchCriteriaId": "9AE8B282-AF23-478F-BD84-F76DCC23019F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "3D5DF767-AFEA-4073-9F3D-45BDA33DEF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r2:*:*:*:*:*:*",
"matchCriteriaId": "B2286FF0-1D90-462F-AEAD-EB8BD5732B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.6:r3:*:*:*:*:*:*",
"matchCriteriaId": "EB8EE364-3371-4835-805D-2045905A7F92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r1:*:*:*:*:*:*",
"matchCriteriaId": "A642400F-9803-47CB-9511-7CA8F2D79E24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r10:*:*:*:*:*:*",
"matchCriteriaId": "8E02B1DC-219E-41E4-BE87-D937A9C6C62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r2:*:*:*:*:*:*",
"matchCriteriaId": "2911A35A-5FE6-419F-A86E-7AE2308C7A52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r3:*:*:*:*:*:*",
"matchCriteriaId": "9A6ABDF4-F65B-4A82-8266-E4A753C12293",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r4:*:*:*:*:*:*",
"matchCriteriaId": "4741CE17-DC9D-4E02-B691-A115F620AA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r5:*:*:*:*:*:*",
"matchCriteriaId": "942CFFEB-28A3-4848-8499-624151FF193B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r6:*:*:*:*:*:*",
"matchCriteriaId": "E5495A76-7552-4393-990E-0F61579E3D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r7:*:*:*:*:*:*",
"matchCriteriaId": "4FFF9366-5E11-4A29-B62A-D96C7EB17A1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r8:*:*:*:*:*:*",
"matchCriteriaId": "F2536855-E3AB-4876-A905-23A2111F5C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.8:r9:*:*:*:*:*:*",
"matchCriteriaId": "A04547EA-D648-472B-BB80-9704AB74D94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D24D11-3B4C-4FAB-85AE-A885282D33D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r2:*:*:*:*:*:*:*",
"matchCriteriaId": "70F11D97-7534-4BD0-9B6A-D24781923C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r3:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB5AE0F-A352-4313-B336-DE8C065E1FFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r4:*:*:*:*:*:*:*",
"matchCriteriaId": "33951239-4904-4F59-A459-8E7D775F7267",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r5:*:*:*:*:*:*:*",
"matchCriteriaId": "80352D07-2447-43D2-985F-B998F8F8DF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r6:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACE7EFD-14B3-40BB-8C77-D72DE670E22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r7:*:*:*:*:*:*:*",
"matchCriteriaId": "482C4C77-26AF-44E4-AC23-D7019CFA8508",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r8:*:*:*:*:*:*:*",
"matchCriteriaId": "C61DFEB9-7FB9-4FFF-A37E-C7C93421C780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r9:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA8E8C7-E6FC-4BB5-AA28-B14F30474702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r10:*:*:*:*:*:*:*",
"matchCriteriaId": "B303ABE3-CDA8-4DD2-8376-97EB8B5FE5A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r11:*:*:*:*:*:*:*",
"matchCriteriaId": "619EBF82-1509-4E5D-83A6-B4CDC04CA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r12:*:*:*:*:*:*:*",
"matchCriteriaId": "B1C0AFB5-2A6B-4A48-B460-F0709A33B870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2E8D5C-642B-4B84-80ED-BF7ECC606646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r14:*:*:*:*:*:*:*",
"matchCriteriaId": "34F9A2B3-E652-4C22-993C-B8C2289DC380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r15:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFFA86F-C13E-4551-81B7-E8516EDB4A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r16:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3C3428-0BC2-4C0C-8F3E-BD607D42A927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r17:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC08036-1D2F-481C-B96A-988CB1945246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r18:*:*:*:*:*:*:*",
"matchCriteriaId": "9693CC25-1679-48E0-B680-6D03D9CE1A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8.r19:*:*:*:*:*:*:*",
"matchCriteriaId": "619FE0E7-64B4-4A57-8EDD-948CE70B9186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r1:*:*:*:*:*:*",
"matchCriteriaId": "E941DEAF-4618-4B10-831D-874DCD207432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r10:*:*:*:*:*:*",
"matchCriteriaId": "20B13391-27AE-42BD-9746-889E75264E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r11:*:*:*:*:*:*",
"matchCriteriaId": "5054F02C-CC6C-426E-A7BA-F4B702C0C066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r12:*:*:*:*:*:*",
"matchCriteriaId": "388242AC-25B3-4ABB-9186-57D3D413FC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r13:*:*:*:*:*:*",
"matchCriteriaId": "2FC64966-D968-4630-85A6-82EC8134F9B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r14:*:*:*:*:*:*",
"matchCriteriaId": "91900510-8163-48A5-BF99-A0F33CA62D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r15:*:*:*:*:*:*",
"matchCriteriaId": "91471E47-BF6F-48C5-BD2D-355DB16A8D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r16:*:*:*:*:*:*",
"matchCriteriaId": "E2FA0CCD-9102-4079-81E2-3A2B2A771680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "E924C902-D628-4375-A4BE-A858D82DC730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r3:*:*:*:*:*:*",
"matchCriteriaId": "3C4BEFFA-FE40-4C15-83EC-E5C41AB699D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r4:*:*:*:*:*:*",
"matchCriteriaId": "39124319-ACDA-44D0-8C6E-B82BDC90A39F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r5:*:*:*:*:*:*",
"matchCriteriaId": "0F4DE823-CFEE-48CF-A1F7-805C50533580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r6:*:*:*:*:*:*",
"matchCriteriaId": "6D55C548-80F0-41CB-861A-C65FAA92208F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r7:*:*:*:*:*:*",
"matchCriteriaId": "9366B730-9EDC-40C2-A6C4-EA7AEDAFEB97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.0:r9:*:*:*:*:*:*",
"matchCriteriaId": "D128D67E-AC32-488A-A633-49FC621843FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "971649CD-C367-4D4E-9FE7-E88E9F3184D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "FF5FC39A-48D1-4FC6-AF10-E729B4A3F0FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r11:*:*:*:*:*:*",
"matchCriteriaId": "55DB31EC-1B4A-4975-A923-5AA6A1D2A63A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r12:*:*:*:*:*:*",
"matchCriteriaId": "DFDBA732-880E-44E0-BD4D-604276537B43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r13:*:*:*:*:*:*",
"matchCriteriaId": "FC73D12A-E0ED-4651-9F50-B09E2D3B2540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r14:*:*:*:*:*:*",
"matchCriteriaId": "A542FC6C-1500-4814-97FE-03007B1BB5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r15:*:*:*:*:*:*",
"matchCriteriaId": "A5608466-FC5C-4528-BCF3-1FF5D265A5BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r16:*:*:*:*:*:*",
"matchCriteriaId": "67B21102-52F2-43C4-B4F8-C1933F0CEE2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r17:*:*:*:*:*:*",
"matchCriteriaId": "6533804B-97B3-40CD-A1AD-5365EB3A9814",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r18:*:*:*:*:*:*",
"matchCriteriaId": "7255D6C7-E9F4-47D6-9A8F-B098735D2A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r19:*:*:*:*:*:*",
"matchCriteriaId": "6BEC44B2-7F2A-402B-BC9B-3DBC15D89B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "5DB9AFC4-BE8F-46C2-9001-50E69223D2AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r20:*:*:*:*:*:*",
"matchCriteriaId": "6ACF7665-27F3-41E6-8C95-1CB31BCB9B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r21:*:*:*:*:*:*",
"matchCriteriaId": "CD1E65AA-1FAC-4DB0-ADCD-3C8089C07E97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r22:*:*:*:*:*:*",
"matchCriteriaId": "F5128BEC-0F56-4F6D-AA11-CE92A244DD1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r23:*:*:*:*:*:*",
"matchCriteriaId": "0EB39352-720B-4CB5-A31C-79405850EFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r24:*:*:*:*:*:*",
"matchCriteriaId": "B7BC134E-9ABF-4DEB-952E-04826B412270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "02018A48-6E1C-47EF-BF63-79EC0727F3DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r26:*:*:*:*:*:*",
"matchCriteriaId": "D2FBEAAD-18F5-4ECC-8E74-5B451E063ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r27:*:*:*:*:*:*",
"matchCriteriaId": "15EEDAE2-046E-4301-85AB-0E371E148C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r28:*:*:*:*:*:*",
"matchCriteriaId": "FE5573AC-B356-45C1-9C89-3E5E1F7D0DD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r29:*:*:*:*:*:*",
"matchCriteriaId": "671AA105-5FD7-4D3F-B6C3-C56C03302BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "28722C9D-9FB6-4A94-A64F-062E7456CD76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r30:*:*:*:*:*:*",
"matchCriteriaId": "F9A700FF-4483-4573-9E1B-7DEFF2CAE15D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r31:*:*:*:*:*:*",
"matchCriteriaId": "7B87085C-73C5-4E08-B020-8902E862D0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r32:*:*:*:*:*:*",
"matchCriteriaId": "BD1779F7-9207-4680-8D6E-849D44B30CC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r33:*:*:*:*:*:*",
"matchCriteriaId": "3AC7414A-16A5-4F0B-9916-D28520885671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r34:*:*:*:*:*:*",
"matchCriteriaId": "0174735D-5246-4612-8988-2EA170925706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r35:*:*:*:*:*:*",
"matchCriteriaId": "DCDEDA26-25D2-48DC-AEFE-801923B72108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r36:*:*:*:*:*:*",
"matchCriteriaId": "77689F66-CF45-4D11-B7E6-925920E3BFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r37:*:*:*:*:*:*",
"matchCriteriaId": "3824C3FA-6487-4008-9832-DA019332631E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "FC896FE9-8620-4150-A46E-2265C85ED853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "3A4A562B-DF8B-4FDB-B3DF-374003137387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r4:*:*:*:*:*:*",
"matchCriteriaId": "07453242-3551-4F4C-9DF4-3B65677860E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r40:*:*:*:*:*:*",
"matchCriteriaId": "789632FC-922A-49E7-96D5-18010D8449E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r41:*:*:*:*:*:*",
"matchCriteriaId": "94EE4BB3-079B-43C4-8C11-FDD81E197907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r42:*:*:*:*:*:*",
"matchCriteriaId": "96ACC737-C5E3-4956-8484-1422A3844672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r43:*:*:*:*:*:*",
"matchCriteriaId": "EAA8E96E-73E3-4E7F-88C7-8BDEA2C65856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r44:*:*:*:*:*:*",
"matchCriteriaId": "5D6F8430-5E09-4508-B7A0-9359CC717233",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r45:*:*:*:*:*:*",
"matchCriteriaId": "41B3FC8B-FD48-4321-9C10-9015B95B210A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r5:*:*:*:*:*:*",
"matchCriteriaId": "41B8BC5B-9602-446C-837B-9A844F215B7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r6:*:*:*:*:*:*",
"matchCriteriaId": "98598B36-6E7C-46A3-96D0-19B6C8E37A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r7:*:*:*:*:*:*",
"matchCriteriaId": "7BB38407-D6C7-4F5E-9BF8-FD193953E7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r8:*:*:*:*:*:*",
"matchCriteriaId": "E7DCF3E7-32E6-4338-B6FE-6D1802DFBDD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.2:r9:*:*:*:*:*:*",
"matchCriteriaId": "B99586F0-EB79-418E-A0FC-87A3F4172529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "70D8441D-2883-4225-91C2-EBB079BFFA12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r10:*:*:*:*:*:*",
"matchCriteriaId": "761ECE30-7C3D-4BD4-A22A-31D27BA60623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r11:*:*:*:*:*:*",
"matchCriteriaId": "3A612282-EFBE-4D48-B87E-6CEF3B8C0DE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r12:*:*:*:*:*:*",
"matchCriteriaId": "2D5C8867-23BA-440F-8E15-23AB0C6D2168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r13:*:*:*:*:*:*",
"matchCriteriaId": "4E04B7B2-82E5-4CA0-8FA5-A9D64F0D6A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r14:*:*:*:*:*:*",
"matchCriteriaId": "39BA4118-25F8-4E74-9439-D8855D791690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r15:*:*:*:*:*:*",
"matchCriteriaId": "6F0105E8-62CE-4BAD-8B21-B3919873018E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r16:*:*:*:*:*:*",
"matchCriteriaId": "0043D948-0364-485F-B9B9-1C2921A9C95A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r17:*:*:*:*:*:*",
"matchCriteriaId": "0822AC99-25E1-452B-B13B-74160EA74263",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "93F82A13-7DAA-47EF-8A2C-1A5875310757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r3:*:*:*:*:*:*",
"matchCriteriaId": "59AB5DE8-BD3D-4472-803C-E7EF0B822BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r4:*:*:*:*:*:*",
"matchCriteriaId": "64D55D01-A266-4E39-902A-CA53B662900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r5:*:*:*:*:*:*",
"matchCriteriaId": "1517A7A5-D822-4298-B385-8F38C6B93BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r6:*:*:*:*:*:*",
"matchCriteriaId": "DE1BDD60-DCBE-4EA7-BA5D-A5F7B1947FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r7:*:*:*:*:*:*",
"matchCriteriaId": "E2524B3D-8B31-4C83-8488-20081ED53EA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r8:*:*:*:*:*:*",
"matchCriteriaId": "6277BF1A-F50C-4D13-8FA5-6498D979BCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.10.4:r9:*:*:*:*:*:*",
"matchCriteriaId": "0E8DE004-335E-435E-A478-7AF476D29362",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en includes/xml.php para el m\u00f3dulo the Netenberg Fantastico De Luxe y versiones anteriores a 2.10.4 r19 para cPanel, cuando cPanel PHP Register Globals est\u00e1 habilitado, permite a los usuarios remotos autentificados incluir y ejecutar arbitrariamente archivos locales a trav\u00e9s de .. (punto punto)o una ruta absoluta en el par\u00e1metro fantasticopath . NOTA: en algunos entornos, esto puede ser aprovechado para la inclusi\u00f3n de archivos remotos, usando una ruta compartid UNC o un ftp, ftps, o ssh2.sftp URL."
}
],
"id": "CVE-2008-4181",
"lastModified": "2024-11-21T00:51:06.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-23T15:25:42.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31863"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4301"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6768.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31196"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4301"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6768.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6461"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-03-09 20:02
Modified
2024-11-21 00:08
Severity ?
Summary
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netenberg | fantastico_de_luxe | * | |
| cpanel | cpanel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message."
}
],
"id": "CVE-2006-1119",
"lastModified": "2024-11-21T00:08:07.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-03-09T20:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-10 20:30
Modified
2024-11-21 00:57
Severity ?
Summary
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cpanel | cpanel | * | |
| netenberg | fantastico_de_luxe | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory."
},
{
"lang": "es",
"value": "Una vulnerabilidad de salto de directorio en el archivo autoinstall4imagesgalleryupgrade.php en el M\u00f3dulo Fant\u00e1stico De Luxe para cPanel, permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de secuencias de salto de directorio en el par\u00e1metro scriptpath_show en una acci\u00f3n GoAhead. NOTA: este problema solo cruza los l\u00edmites de privilegios cuando las configuraciones de seguridad, como disable_functions y safe_mode, est\u00e1n activas, ya que la explotaci\u00f3n requiere la carga de c\u00f3digo ejecutable en un directorio de inicio."
}
],
"id": "CVE-2008-6926",
"lastModified": "2024-11-21T00:57:49.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-10T20:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32016"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/32016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6897"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netenberg | fantastico_de_luxe | 2.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5E56C562-4E63-4D2E-8E66-840550265072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5."
}
],
"id": "CVE-2004-2398",
"lastModified": "2024-11-20T23:53:15.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10390"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2008-4181
Vulnerability from cvelistv5
Published
2008-09-23 15:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45147 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/31196 | vdb-entry, x_refsource_BID | |
| http://securityreason.com/securityalert/4301 | third-party-advisory, x_refsource_SREASON | |
| https://www.exploit-db.com/exploits/6461 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.netenberg.com/forum/index.php?topic=6768.0 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31863 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "fantastico-xml-file-include(45147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147"
},
{
"name": "31196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31196"
},
{
"name": "4301",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4301"
},
{
"name": "6461",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6768.0"
},
{
"name": "31863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31863"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "fantastico-xml-file-include(45147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147"
},
{
"name": "31196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31196"
},
{
"name": "4301",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4301"
},
{
"name": "6461",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6768.0"
},
{
"name": "31863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31863"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fantastico-xml-file-include(45147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45147"
},
{
"name": "31196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31196"
},
{
"name": "4301",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4301"
},
{
"name": "6461",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6461"
},
{
"name": "http://www.netenberg.com/forum/index.php?topic=6768.0",
"refsource": "CONFIRM",
"url": "http://www.netenberg.com/forum/index.php?topic=6768.0"
},
{
"name": "31863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31863"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4181",
"datePublished": "2008-09-23T15:00:00",
"dateReserved": "2008-09-23T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6843
Vulnerability from cvelistv5
Published
2009-07-02 10:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46991 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/498814/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/32578 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:42:00.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cpanel-index-directory-traversal(46991)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
},
{
"name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
},
{
"name": "32578",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32578"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cpanel-index-directory-traversal(46991)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
},
{
"name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
},
{
"name": "32578",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32578"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cpanel-index-directory-traversal(46991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991"
},
{
"name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded"
},
{
"name": "32578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32578"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6843",
"datePublished": "2009-07-02T10:00:00",
"dateReserved": "2009-07-02T00:00:00",
"dateUpdated": "2024-08-07T11:42:00.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-6926
Vulnerability from cvelistv5
Published
2009-08-10 20:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/32016 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/498526 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/498529/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46252 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/6897 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/archive/1/498519 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.netenberg.com/forum/index.php?topic=6832 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/498529 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/497964/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:49:02.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32016"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"name": "cpanel-autoinstall-file-include(46252)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"name": "6897",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32016"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"name": "cpanel-autoinstall-file-include(46252)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"name": "6897",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32016"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498526"
},
{
"name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded"
},
{
"name": "cpanel-autoinstall-file-include(46252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252"
},
{
"name": "6897",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6897"
},
{
"name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498519"
},
{
"name": "http://www.netenberg.com/forum/index.php?topic=6832",
"refsource": "CONFIRM",
"url": "http://www.netenberg.com/forum/index.php?topic=6832"
},
{
"name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498529"
},
{
"name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6926",
"datePublished": "2009-08-10T20:00:00",
"dateReserved": "2009-08-10T00:00:00",
"dateUpdated": "2024-08-07T11:49:02.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2398
Vulnerability from cvelistv5
Published
2005-08-17 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16197 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10390 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cpanel-fantastico-obtain-information(16197)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
},
{
"name": "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"name": "10390",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10390"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cpanel-fantastico-obtain-information(16197)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
},
{
"name": "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"name": "10390",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10390"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cpanel-fantastico-obtain-information(16197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
},
{
"name": "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"name": "10390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10390"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2398",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-08T01:22:13.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1119
Vulnerability from cvelistv5
Published
2006-03-09 20:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/426957/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25277 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.661Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060307 Cpanel Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded"
},
{
"name": "cpanel-fantastico-path-disclosure(25277)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060307 Cpanel Path Disclosure Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded"
},
{
"name": "cpanel-fantastico-path-disclosure(25277)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060307 Cpanel Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded"
},
{
"name": "cpanel-fantastico-path-disclosure(25277)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1119",
"datePublished": "2006-03-09T20:00:00",
"dateReserved": "2006-03-09T00:00:00",
"dateUpdated": "2024-08-07T16:56:15.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}