Overview
Description
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.
Statistics
- 1 Post
Last activity: 9 hours ago
Fediverse
Spoiler from yesterday's episode: cPanel did indeed deliver the technical details at the same time as the patches.
On the after-party menu:
• CVE-2026-29201: path traversal :8bitrainbow: via feature::LOADFEATUREFILE → arbitrary file made world-readable
• CVE-2026-29202: Perl injection in create_user (plugin parameter)
• CVE-2026-29203: mishandled symlink → arbitrary chmod → DoS + privilege escalation
/scripts/upcp and off for drinks!
Good luck to the on-call admins 🫡
https://docs.cpanel.net/changelogs/134-change-log/#134025
https://vulnerability.circl.lu/vuln/CVE-2026-29203
#CyberVeille #cpanel #CVE_2026_29203
#CVE_2026_29202
#CVE_2026_29201
Overview
Description
Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Fediverse
Overview
Description
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Fediverse
Overview
Description
Nvu 0.99+1.0pre uses an old copy of Mozilla XPCOM which can result in multiple security issues.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Fediverse
Overview
Description
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Fediverse
Overview
Description
Zoo 2.10 has a directory traversal vulnerability.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago
Fediverse
Overview
Description
A race condition in temp files was found in gs-gpl before 8.56 addons scripts.
Statistics
- 1 Post
- 1 Interaction
Last activity: 5 hours ago