MidnightBSD

Advisories for jbmc-software

CVE-2009-1525 HIGH

CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote authenticated users to gain privileges via shell metacharacters in the name parameter during a restore action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
jbmc-software directadmin 1.192
jbmc-software directadmin 1.17
jbmc-software directadmin 1.121
jbmc-software directadmin 1.111
jbmc-software directadmin 1.222
jbmc-software directadmin 1.14
jbmc-software directadmin 1.01
jbmc-software directadmin 1.196
jbmc-software directadmin 1.172
jbmc-software directadmin 1.253
jbmc-software directadmin 1.296
jbmc-software directadmin 1.181
jbmc-software directadmin 1.266
jbmc-software directadmin 1.151
jbmc-software directadmin 1.312
jbmc-software directadmin 1.09
jbmc-software directadmin 1.231
jbmc-software directadmin 1.203
jbmc-software directadmin 1.212
jbmc-software directadmin 1.264
jbmc-software directadmin 1.275
jbmc-software directadmin 1.15
jbmc-software directadmin 1.206
jbmc-software directadmin 1.293
jbmc-software directadmin 1
jbmc-software directadmin 1.29
jbmc-software directadmin 1.294
jbmc-software directadmin 1.18
jbmc-software directadmin 1.331
jbmc-software directadmin 1.314
jbmc-software directadmin 1.321
jbmc-software directadmin 1.243
jbmc-software directadmin 1.254
jbmc-software directadmin 1.207
jbmc-software directadmin 1.295
jbmc-software directadmin 1.07
jbmc-software directadmin 1.211
jbmc-software directadmin 1.223
jbmc-software directadmin 1.221
jbmc-software directadmin 1.27
jbmc-software directadmin 1.19
jbmc-software directadmin 1.081
jbmc-software directadmin 1.224
jbmc-software directadmin 1.292
jbmc-software directadmin 1.24
jbmc-software directadmin 1.3
jbmc-software directadmin 1.311
jbmc-software directadmin 1.332
jbmc-software directadmin 1.285
jbmc-software directadmin 1.1741
jbmc-software directadmin 1.281
jbmc-software directadmin 1.265
jbmc-software directadmin 1.08
jbmc-software directadmin 1.261
jbmc-software directadmin 1.263
jbmc-software directadmin 1.286
jbmc-software directadmin 1.323
jbmc-software directadmin 1.161
jbmc-software directadmin 1.297
jbmc-software directadmin 1.1
jbmc-software directadmin 0.95
jbmc-software directadmin 1.244
jbmc-software directadmin 1.274
jbmc-software directadmin 1.273
jbmc-software directadmin 1.21
jbmc-software directadmin 1.225
jbmc-software directadmin 1.241
jbmc-software directadmin 1.04
jbmc-software directadmin 1.291
jbmc-software directadmin 1.213
jbmc-software directadmin 1.26
jbmc-software directadmin 1.193
jbmc-software directadmin 1.315
jbmc-software directadmin 1.11
jbmc-software directadmin 1.322
jbmc-software directadmin 1.2
jbmc-software directadmin 1.06
jbmc-software directadmin 1.16
jbmc-software directadmin 1.1941
jbmc-software directadmin 1.202
jbmc-software directadmin 1.282
jbmc-software directadmin 1.233
jbmc-software directadmin 1.234
jbmc-software directadmin 1.174
jbmc-software directadmin 1.302
jbmc-software directadmin 1.226
jbmc-software directadmin 1.05
jbmc-software directadmin 1.03
jbmc-software directadmin 1.152
jbmc-software directadmin 1.12
jbmc-software directadmin 1.32
jbmc-software directadmin 1.02
jbmc-software directadmin 1.25
jbmc-software directadmin 1.301
jbmc-software directadmin 1.201
jbmc-software directadmin 1.171
jbmc-software directadmin 1.252
jbmc-software directadmin 1.313
jbmc-software directadmin 1.232
jbmc-software directadmin 1.255
jbmc-software directadmin 1.13
jbmc-software directadmin 1.204
jbmc-software directadmin 1.251
jbmc-software directadmin 1.262
jbmc-software directadmin 1.23
jbmc-software directadmin 1.195
jbmc-software directadmin 1.235
jbmc-software directadmin 1.28
jbmc-software directadmin 1.31
jbmc-software directadmin 1.22
jbmc-software directadmin *
jbmc-software directadmin 1.205
jbmc-software directadmin 1.33
jbmc-software directadmin 1.173
jbmc-software directadmin 1.242
CVE-2009-1526 MEDIUM

JBMC Software DirectAdmin before 1.334 allows local users to create or overwrite any file via a symlink attack on an arbitrary file in a certain temporary directory, related to a request for this temporary file in the PATH_INFO to the CMD_DB script during a backup action.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
jbmc-software directadmin 1.192
jbmc-software directadmin 1.17
jbmc-software directadmin 1.121
jbmc-software directadmin 1.111
jbmc-software directadmin 1.222
jbmc-software directadmin 1.14
jbmc-software directadmin 1.01
jbmc-software directadmin 1.196
jbmc-software directadmin 1.172
jbmc-software directadmin 1.253
jbmc-software directadmin 1.296
jbmc-software directadmin 1.181
jbmc-software directadmin 1.266
jbmc-software directadmin 1.151
jbmc-software directadmin 1.312
jbmc-software directadmin 1.09
jbmc-software directadmin 1.231
jbmc-software directadmin 1.203
jbmc-software directadmin 1.212
jbmc-software directadmin 1.264
jbmc-software directadmin 1.275
jbmc-software directadmin 1.15
jbmc-software directadmin 1.206
jbmc-software directadmin 1.293
jbmc-software directadmin 1
jbmc-software directadmin 1.29
jbmc-software directadmin 1.294
jbmc-software directadmin 1.18
jbmc-software directadmin 1.331
jbmc-software directadmin 1.314
jbmc-software directadmin 1.321
jbmc-software directadmin 1.243
jbmc-software directadmin 1.254
jbmc-software directadmin 1.207
jbmc-software directadmin 1.295
jbmc-software directadmin 1.07
jbmc-software directadmin 1.211
jbmc-software directadmin 1.223
jbmc-software directadmin 1.221
jbmc-software directadmin 1.27
jbmc-software directadmin 1.19
jbmc-software directadmin 1.081
jbmc-software directadmin 1.224
jbmc-software directadmin 1.292
jbmc-software directadmin 1.24
jbmc-software directadmin 1.3
jbmc-software directadmin 1.311
jbmc-software directadmin 1.332
jbmc-software directadmin 1.285
jbmc-software directadmin 1.1741
jbmc-software directadmin 1.281
jbmc-software directadmin 1.265
jbmc-software directadmin 1.08
jbmc-software directadmin 1.261
jbmc-software directadmin 1.263
jbmc-software directadmin 1.286
jbmc-software directadmin 1.323
jbmc-software directadmin 1.161
jbmc-software directadmin 1.297
jbmc-software directadmin 1.1
jbmc-software directadmin 0.95
jbmc-software directadmin 1.244
jbmc-software directadmin 1.274
jbmc-software directadmin 1.273
jbmc-software directadmin 1.21
jbmc-software directadmin 1.225
jbmc-software directadmin 1.241
jbmc-software directadmin 1.04
jbmc-software directadmin 1.291
jbmc-software directadmin 1.213
jbmc-software directadmin 1.26
jbmc-software directadmin 1.193
jbmc-software directadmin 1.315
jbmc-software directadmin 1.11
jbmc-software directadmin 1.322
jbmc-software directadmin 1.2
jbmc-software directadmin 1.06
jbmc-software directadmin 1.16
jbmc-software directadmin 1.1941
jbmc-software directadmin 1.202
jbmc-software directadmin 1.282
jbmc-software directadmin 1.233
jbmc-software directadmin 1.234
jbmc-software directadmin 1.174
jbmc-software directadmin 1.302
jbmc-software directadmin 1.226
jbmc-software directadmin 1.05
jbmc-software directadmin 1.03
jbmc-software directadmin 1.152
jbmc-software directadmin 1.12
jbmc-software directadmin 1.32
jbmc-software directadmin 1.02
jbmc-software directadmin 1.25
jbmc-software directadmin 1.301
jbmc-software directadmin 1.201
jbmc-software directadmin 1.171
jbmc-software directadmin 1.252
jbmc-software directadmin 1.313
jbmc-software directadmin 1.232
jbmc-software directadmin 1.255
jbmc-software directadmin 1.13
jbmc-software directadmin 1.204
jbmc-software directadmin 1.251
jbmc-software directadmin 1.262
jbmc-software directadmin 1.23
jbmc-software directadmin 1.195
jbmc-software directadmin 1.235
jbmc-software directadmin 1.28
jbmc-software directadmin 1.31
jbmc-software directadmin 1.22
jbmc-software directadmin *
jbmc-software directadmin 1.205
jbmc-software directadmin 1.33
jbmc-software directadmin 1.173
jbmc-software directadmin 1.242
CVE-2009-2216 MEDIUM

Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jbmc-software directadmin 1.33.1
jbmc-software directadmin *
jbmc-software directadmin 1.33.2
jbmc-software directadmin 1.292
jbmc-software directadmin 1.33.3
jbmc-software directadmin 1.33.4