DirectAdmin


#   VER    L/R  AUTH  S  REPORTED    TYPE          DESCRIPTION
01  1.322  L    Y     N  09/01/2008  design issue  uid and gid reuse issues
02  1.322  L    Y     N  09/03/2008  symlink       resellers can control any file
03  1.322  L    Y/N   N  09/07/2008  permissions   insecure default majordomo setup
04  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
05  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
06  1.351  L    Y     N  unreported  undisclosed   XSS
07  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
08  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
09  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
10  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
11  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
12  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
13  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
14  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
15  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
16  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
17  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
18  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
19  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
20  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
21  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
22  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
23  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
24  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
25  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
26  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
27  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
28  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
29  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain sensitive info
30  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
31  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
32  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
33  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
34  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
35  1.351  L    Y     N  unreported  undisclosed   local DA users can destroy data
36  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
37  1.351  L    Y     N  unreported  undisclosed   local users can obtain sensitive info
38  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
39  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
40  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
41  1.351  L    Y     N  unreported  undisclosed   local users can obtain sensitive info
42  1.351  L    Y     N  unreported  undisclosed   local DA users can destroy data
43  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
44  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
45  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs
46  1.351  L    Y     N  unreported  undisclosed   local DA users can obtain root privs




Trivial        very minor issues
Low            XSS, info leaks
Medium         destructive actions, access others' accounts
High           local root (auth required), /root/.accesshash, /etc/shadow access
Less Critical  local root (no auth required)
Critical       remote root (no auth required)

L/R            Local/Remote
Auth           Authentication required
S              Bug found via source code review