pcsjj

6 exploits Active since Oct 2012
CVE-2012-5685 EXPLOITDB text WORKING POC
ZPanel <10.0.1 - SQL Injection
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
CVE-2012-5684 EXPLOITDB text WORKING POC
ZPanel <10.0.1 - XSS
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.
CVE-2012-5683 EXPLOITDB text WORKING POC
ZPanel <=10.0.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftp_management module to the default URI, (2) conduct cross-site scripting (XSS) attacks via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/, or (3) conduct SQL injection attacks via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
CVE-2012-5387 EXPLOITDB text WORKING POC
White Label CMS <1.5.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences.
CVE-2012-5388 EXPLOITDB text WORKING POC
White Label CMS <1.5 - XSS
Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, a related issue to CVE-2012-5387.
CVE-2012-5686 EXPLOITDB CRITICAL text WORKING POC
ZPanel 10.0.1 - Info Disclosure
ZPanel 10.0.1 has insufficient entropy for its password reset process.
CVSS 9.8