CVE-2008-2082
Published: 2008-05-05
CVE-2008-2082: Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module…
Priority P4 · 13 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 1.47% (70.5th percentile)
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siteman | siteman | — | — |
No detection rules found.
Exploit-DB
cPanel 11.x - 'Fantastico' Local File Inclusion
exploitdb·2008-09-14
CVE-2008-4181 cPanel 11.x - 'Fantastico' Local File Inclusion
---
##############################################################
Fantastico In all Version Cpanel 11.x >
First Create directory Let the name /includes/ and upload Shell.php in /includes/ Then rename it to enc_licensing_servers.php
:::xploit::::
http://xxx.com:2082/frontend/x/fantastico/includes/xml.php?fantasticopath=/home/user
###################################################
Discovered By : joker_1
for info : [email protected]
###################################################
Special Greetings :- sniper-sa.com & Group XP & Alm3reFh.Com & Genral kbkb & step on the snow & red trigger & qalbhamad & saudi star
###################################################
# milw0rm.com [2008-09-14]
Exploit-DB
Siteman 2.0.x2 - 'module' Cross-Site Scripting / Local File Inclusion
exploitdb·2008-04-26
CVE-2008-2082 Siteman 2.0.x2 - 'module' Cross-Site Scripting / Local File Inclusion
---
source: https://www.securityfocus.com/bid/28943/info
Siteman is prone to a local file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this as a cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Or, the attacker may exploit the issue as a local file-include vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.
Siteman 2.0.x2 is vulnerable; o
Exploit-DB
Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting
exploitdb·2008-04-26
CVE-2008-2082 Siteman 2.x - Code Execution / Local File Inclusion / Cross-Site Scripting
---
#####################################################################################
#### Siteman 2.X (0Day) ####
#### Multiple Remote Vulnerabilities (CODE EXECUTION/LFI/XSS) ####
#####################################################################################
# #
#AUTHOR : IRCRASH (Dr.Crash Or Khashayar Fereidani) #
#Discovered by : IRCRASH (Dr.Crash Or Khashayar Fereidani) #
#IRCRASH Team Members : Dr.Crash Or Khashayar Fereidani - Hadi Kiamarsi - Malc0de - R3d.w0rm - Rasool Nasr
#IRCRASH BUGTRAQ : http://bugtraq.ircrash.com/ #
#Original Advisory: http://ircrash.com/english/index.php?topic=29.0 #
#####################################################################################
# #
#Script Download
Exploit-DB
cPanel 11.18.3 - List Directories and Folders Information Disclosure
exploitdb·2008-03-18
CVE-2008-7142 cPanel 11.18.3 - List Directories and Folders Information Disclosure
---
source: https://www.securityfocus.com/bid/28300/info
cPanel is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to determine programs that are running on the affected server and to view folders on other sites that are protected by a firewall. Information obtained may lead to further attacks.
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/home/user/.htpasswds
http://www.example.com:2082/frontend/x/diskusage/index.html?showtree=/var
http://ircrash.com/english/index.php?topic=29.0
http://www.securityfocus.com/bid/28943
https://exchange.xforce.ibmcloud.com/vulnerabilities/42020
https://www.exploit-db.com/exploits/5499