Topics - screwloose

1
Hi

I'm looking for information on whether this has been fixed.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel. Authentication is not required to exploit this vulnerability.

The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.

https://www.zerodayinitiative.com/advisories/ZDI-20-752/

2
CentOS 6 Problems / suphp not working ... security issue
« on: February 03, 2017, 05:19:12 AM »
Hi Guys

Not sure if I broke something on our server, but as a test I uploaded a nasty script I found on a Windows VPS (milw0rm). It's a shell / file manager. The interesting thing is that it allows the user to browse the entire file system of the server, i.e. it can see the etc/

This is very bad!!

Any ideas what to check for, or if this happens on other people's servers?
