Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Directadmin Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-56551 1 Directadmin 1 Directadmin 2025-10-15 N/A 8.2 HIGH
An issue in DirectAdmin v1.680 allows unauthorized attackers to manipulate the page layout and replace the legitimate login interface with arbitrary attacker-controlled content via supplying a crafted GET request.
CVE-2011-5033 2 Configserver, Directadmin 2 Configserver Security Firewall, Directadmin Server 2025-04-11 4.4 MEDIUM N/A
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
CVE-2012-5305 1 Directadmin 1 Directadmin 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2007-3501 1 Directadmin 1 Directadmin 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin 1.30.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vector than CVE-2007-1508.
CVE-2007-4830 1 Directadmin 1 Directadmin 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2019-9625 1 Directadmin 1 Directadmin 2024-11-21 6.8 MEDIUM 8.8 HIGH
JBMC DirectAdmin 1.55 allows CSRF via the /CMD_ACCOUNT_ADMIN URI to create a new admin account.
CVE-2017-18045 1 Directadmin 1 Directadmin 2024-11-21 7.5 HIGH 9.8 CRITICAL
JBMC DirectAdmin before 1.52, when the email_ftp_password_change setting is nonzero, allows remote attackers to obtain access or cause a denial of service (segfault) via an unspecified request.