Posts Tagged ACL

2 results.

TSR 2014-0001 Full Disclosure

Feb06
by Ike on February 6, 2014 at 7:06 am
Posted In: Uncategorized

Case 84385 Summary Arbitrary code execution as cpanel-horde user via cache file poisioning. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The Horde Webmail interfaces accessible to cPanel and Webmail accounts uses PHP serialized cache files to speed up some backend operations. By default …

 Comment 

TSR 2013-0012 Full Disclosure

Dec24
by Ike on December 24, 2013 at 2:34 am
Posted In: Uncategorized

Case 84681 Summary Arbitrary file read for ACL limited reseller accounts via XML-API. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to …

 Comment 

60 queries. 8.25 mb Memory usage. 0.479 seconds.