[VIM] Helm Control Panel followup

security curmudgeon jericho at attrition.org
Fri Apr 14 05:19:47 EDT 2006

: > http://www.webhostautomation.com/webhost-301
: CVE missed it the first time around, and it looks like some other vdbs
: have, but the entry for 3.2.9 has fairly clear acknowledgement of
: CVE-2006-0211:
:   3.2.9
:   -------
:   ...
:   Fixed XSS issue in password reminder page

Been on my to-do list, I dug up the following from the Helm changelog a
while back but just now got around to adding entries. I didn't make an
entry for the 3.1.9 'overflow error with account limits' because something
just doesn't sound right about it. Sounds like *maybe* a crash at best,
but it's just a hunch on the limited wording. I also couldn't dig up dates
for the 3.1.14 (or prior) stuff, only figuring out they are all from 
before Mar 2004. Also note, the "default page xss" from below is different 
than the 2006-03-27 one (OSVDB 24126).


3.2.6   (2005-08-30)
Fixed XSS entry in default page


Fixed security issue: Reseller plan and package access

Fixed overflow error with account limits

Fixed FTP issue where users were able to take over

Fixed integer overflow error in statistics

