Installatron


| # | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
|---|---|---|---|---|---|---|---|
| 01 | 6.0.5 R, 6.0.3 S | L | Y | N | 07/02/2009 | symlink | local users could escalate privileges to root |
| 02 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | local users could create or overwrite any file on the box |
| 03 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | cPanel users could execute commands as root |
| 04 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | cPanel users could view any file on the box |
| 05 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | cPanel users could obtain a directory listing of any dir |
| 06 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | resellers could execute commands as root |
| 07 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | resellers could execute commands as root |
| 08 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | resellers could execute commands as root |
| 09 | 6.0.7, 6.0.9 | L | Y | N | 04/11/2010 | symlink | resellers could execute commands as root |




| Key | Meaning |
|---|---|
| Trivial | very minor issues |
| Low | XSS, info leaks |
| Medium | destructive actions, access others' accounts |
| High | local root (auth required), /root/.accesshash, /etc/shadow access |
| Less Critical | local root (no auth required) |
| Critical | remote root (no auth required) |
| L/R | Local/Remote |
| Auth | Authentication required |
| S | Bug found via source code review |