CVE-2005-1932 - OpenCVE

Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lpanel	Lpanel

Configuration 1 [-]

OR	cpe:2.3:a:lpanel:lpanel:1.59:::::::*
	cpe:2.3:a:lpanel:lpanel:1.593:::::::*
	cpe:2.3:a:lpanel:lpanel:1.594:::::::*
	cpe:2.3:a:lpanel:lpanel:1.596:::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html
http://secunia.com/advisories/15589/
http://www.lpanel.net/changelog.php
http://www.securityfocus.com/bid/13869

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-06-30T04:00:00Z

Updated: 2024-09-17T03:59:07.507Z

Reserved: 2005-06-09T00:00:00Z

Link: CVE-2005-1932

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2005-07-05T04:00:00.000

Modified: 2008-09-05T20:50:27.807

Link: CVE-2005-1932

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2005-06-30T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "13869", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/13869"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.lpanel.net/changelog.php"}, {"name": "15589", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15589/"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "13869", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13869"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html"}, {"name": "http://www.lpanel.net/changelog.php", "refsource": "CONFIRM", "url": "http://www.lpanel.net/changelog.php"}, {"name": "15589", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15589/"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:06:57.667Z"}, "title": "CVE Program Container", "references": [{"name": "13869", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/13869"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.lpanel.net/changelog.php"}, {"name": "15589", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/15589/"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html"}, {"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1932", "datePublished": "2005-06-30T04:00:00Z", "dateReserved": "2005-06-09T00:00:00Z", "dateUpdated": "2024-09-17T03:59:07.507Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lpanel:lpanel:1.59:*:*:*:*:*:*:*", "matchCriteriaId": "023B1268-93B7-4ABC-B0D6-08B0F185BD04", "vulnerable": true}, {"criteria": "cpe:2.3:a:lpanel:lpanel:1.593:*:*:*:*:*:*:*", "matchCriteriaId": "AF3C1988-84E8-4931-9E42-20667CA997C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:lpanel:lpanel:1.594:*:*:*:*:*:*:*", "matchCriteriaId": "B74E52EE-9A94-4F52-B5FC-397B7682C01A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lpanel:lpanel:1.596:*:*:*:*:*:*:*", "matchCriteriaId": "A6B779FE-C7CE-4F05-A937-B9AFCE5C3419", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php."}], "id": "CVE-2005-1932", "lastModified": "2008-09-05T20:50:27.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-07-05T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/15589/"}, {"source": "cve@mitre.org", "url": "http://www.lpanel.net/changelog.php"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/13869"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}