MidnightBSD

Advisories for webhost_automation

CVE-2004-1498 HIGH

SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
webhost_automation helm_control_panel 3.1.11
webhost_automation helm_control_panel 3.1.14
webhost_automation helm_control_panel 3.1.12
webhost_automation helm_control_panel 3.1.15
webhost_automation helm_control_panel 3.1.16
webhost_automation helm_control_panel 3.1.18
webhost_automation helm_control_panel 3.1.10
webhost_automation helm_control_panel 3.1.13
webhost_automation helm_control_panel 3.1.19
webhost_automation helm_control_panel 3.1.17
CVE-2004-1499 MEDIUM

Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
webhost_automation helm_control_panel 3.1.11
webhost_automation helm_control_panel 3.1.14
webhost_automation helm_control_panel 3.1.12
webhost_automation helm_control_panel 3.1.15
webhost_automation helm_control_panel 3.1.16
webhost_automation helm_control_panel 3.1.18
webhost_automation helm_control_panel 3.1.10
webhost_automation helm_control_panel 3.1.13
webhost_automation helm_control_panel 3.1.19
webhost_automation helm_control_panel 3.1.17
CVE-2006-1407 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
webhost_automation helm_web_hosting_control_panel *