Syscp Team
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-0849 | 0.03 | — | 0.01 | Feb 8, 2007 | scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different… | |||
| CVE-2010-2476 | 0.00 | — | 0.02 | Nov 7, 2019 | syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot. | |||
| CVE-2007-0850 | 0.00 | — | 0.03 | Feb 8, 2007 | scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and… | |||
| CVE-2006-0132 | 0.00 | — | 0.02 | Jan 9, 2006 | Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. | |||
| CVE-2005-2568 | 0.00 | — | 0.02 | Aug 16, 2005 | Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. | |||
| CVE-2005-2567 | 0.00 | — | 0.02 | Aug 16, 2005 | PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. |
- CVE-2007-0849Feb 8, 2007risk 0.03cvss —epss 0.01
scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different…
- CVE-2010-2476Nov 7, 2019risk 0.00cvss —epss 0.02
syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.
- CVE-2007-0850Feb 8, 2007risk 0.00cvss —epss 0.03
scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and…
- CVE-2006-0132Jan 9, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.
- CVE-2005-2568Aug 16, 2005risk 0.00cvss —epss 0.02
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.
- CVE-2005-2567Aug 16, 2005risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.