Major Horde/cPanel Exploit! (Full Version)

All Forums >> [Community] >> OutFront Discoveries



Message

BobbyDouglas -> Major Horde/cPanel Exploit! (3/6/2008 22:35:04)

Anyone who currently uses Horde webmail with the control panel cPanel, may want to make sure your host is aware of a new security exploit.

This exploit has been verified to provide root access to the server. Not all hosting companies have been made aware of this, so you may want to double check that Horde is NOT enabled on your server. If it is, you will want to let them know about the security exploit.

SECURITY ALERT: Horde arbitrary file inclusion vulnerability.

I went to a couple hosting companies that some of the members here use, and so far, not a single one has disabled/fixed Horde.



jaybee -> RE: Major Horde/cPanel Exploit! (3/7/2008 8:13:02)

I had two client sites hacked via that route last week.



BobbyDouglas -> RE: Major Horde/cPanel Exploit! (3/7/2008 13:30:11)

quote:

ORIGINAL: jaybee

I had two client sites hacked via that route last week.

- Upgrade has been made available from cPanel. Tested and verified that it is working.

You should login to your cPanel and verify that you are running version 11.18.2 or higher.



treetopsranch -> RE: Major Horde/cPanel Exploit! (3/7/2008 21:09:51)

Does that version (11.18.2) still allow FP extensions?



BobbyDouglas -> RE: Major Horde/cPanel Exploit! (3/7/2008 23:28:24)

I just checked on a couple client sites running FPSE and they appear to still work. cPanel hasn't mentioned that FPSE have been removed, so I would assume they still work. I do know there are a couple hosts who have already decided to remove FPSE. It's bound to happen to everyone sometime. We won't remove it until there is an actual security issue though.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.0625