VYPR
Vendor

Syscp Team

Products
2
CVEs
6
Across products
6
Status
Private

Products

2

Recent CVEs

6
  • CVE-2007-0849Feb 8, 2007
    risk 0.03cvss epss 0.01

    scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different…

  • CVE-2010-2476Nov 7, 2019
    risk 0.00cvss epss 0.02

    syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.

  • CVE-2007-0850Feb 8, 2007
    risk 0.00cvss epss 0.03

    scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and…

  • CVE-2006-0132Jan 9, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.

  • CVE-2005-2568Aug 16, 2005
    risk 0.00cvss epss 0.02

    Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.

  • CVE-2005-2567Aug 16, 2005
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.