RSS   Vulnerabilities for 'Webuzo'   RSS

2014-12-27
 
CVE-2013-6043

CWE-200
 

 
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.

 
 
CVE-2013-6041

CWE-78
 

 
index.php in Softaculous Webuzo before 2.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in a SOFTCookies sid cookie within a login action.

 
2013-11-18
 
CVE-2013-6042

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

 

 >>> Vendor: Softaculous 4 Products
Webuzo
Whmcs reseller module
Softaculous
Speedycache


Copyright 2024, cxsecurity.com

 

Back to Top