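LPanel Multiple Input Validation Vulnerabilities

Vulnerability Details

LPanel Multiple Input Validation Vulnerabilities

Vulnerability Summary

LPanel 1.59 and earlier, and other versions before 1.597, allow remote authenticated users to modify certain critical variables and (1) change the DNS settings of arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information about arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify the domain information of arbitrary domains via the editdomain parameter to domains.php.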

Vulnerability Advisory

The vendor has addressed this issue in LPanel version 1.597:

LPanel 1.59: fixed in LPanel 1.597, http://lpanel.net/members.php

LPanel 1.593: fixed in LPanel 1.597, http://lpanel.net/members.php

LPanel 1.594: fixed in LPanel 1.597, http://lpanel.net/members.php

LPanel 1.596: fixed in LPanel 1.597, http://lpanel.net/members.php

References

Source: BID

Name: 13869

Link: http://www.securityfocus.com/bid/13869

Source: www.lpanel.net

Link: http://www.lpanel.net/changelog.php

Source: SECUNIA

Name: 15589

Link: http://secunia.com/advisories/15589/

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html

Source: FULLDISC

Name: 20050606 Lpanel.NET’s Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.

Link: http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html
