For those of you that have websites that use cPanel, you may
want to tell your hosts about this below.
-Clint
Happy Thanksgiving to all & God Bless
Clint Hamilton, Owner
http://www.OrpheusCom
puting.com
http://www.Comput
ersCustomBuilt.com
----- Original Message -----
TITLE:
cPanel "dns" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA22984
VERIFY ADVISORY:
http://secunia.c
om/advisories/22984/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
cPanel 10.x
http://secunia.com/p
roduct/5280/
DESCRIPTION:
Aria-Security has reported a vulnerability in cPanel, which
can
be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to the "dns" parameter in
dnslook.html is not
properly sanitised before being returned to the user. This
can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected
site.
The vulnerability is reported in version 10. Other versions
may
also be affected.
SOLUTION:
Update to version 10.9.0 R75.
ORIGINAL ADVISORY:
http://www.aria-security.com/forum/showthread.php?t=30
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|