CVE-2005-1932 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-1932
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-1932

Description: Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.

CVE Status: Candidate

References: SAID Secunia Advisory: SA15589 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html CONFIRM http://www.lpanel.net/changelog.php BID 13869

Return to the previous page.