oss-sec mailing list archives

More zPanel security flaws? Trying to sort them out


From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 18 May 2013 22:59:54 -0600

So the head of the zPanel project "ballen" ("Bobby Allen" according to
Google) reports:

http://forums.zpanelcp.com/showthread.php?27608-ZPanelCP-Server-has-not-been-compromised

======
4) Security issues raised
The security issues mentioned in the following article
(http://imgur.com/a/lzRuo) are already fixed, however we are a short
way off being able to release the new version. All known security
vulnerabilities have been announced on here with fixes and guides.
======

I'm unable to find this list or a dedicated security page (apart from
a list of 4 security features at
http://www.zpanelcp.com/about/features/#tab-1-3).

Can you please send me that list with URLs and ideally source code
commits so we can get CVE #'s assigned to the zPanel vulnerabilities?
Alternatively if anyone in the community wants to do it that'd be
great as well. Thanks in advance.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993