Control Panel Security Vulnerabilities

CVE-2023-42121

Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-42123

Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the.....

8.8 CVSS

9.1 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-42120

Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2024-05-03 03:15 AM

CVE-2023-5839

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to...

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2023-10-29 01:15 AM

CVE-2023-44259

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2023-10-10 09:15 AM

CVE-2023-3479

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1 CVSS

5.1 AI Score

0.001 EPSS

2023-06-30 10:15 AM

CVE-2023-23465

Media CP Media Control Panel latest version. CSRF possible through unspecified...

9.1 CVSS

8.7 AI Score

0.001 EPSS

2023-02-15 07:15 PM

CVE-2023-23464

Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information...

8.1 CVSS

7.3 AI Score

0.001 EPSS

2023-02-15 07:15 PM

CVE-2023-23466

Media CP Media Control Panel latest version. Insufficiently protected credential...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-02-15 07:15 PM

CVE-2023-23467

Media CP Media Control Panel latest version. Reflected XSS possible through unspecified...

8.1 CVSS

6 AI Score

0.001 EPSS

2023-02-15 07:15 PM

CVE-2023-0125

A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-01-09 09:15 PM

CVE-2022-3967

A vulnerability, which was classified as critical, was found in Vesta Control Panel. Affected is an unknown function of the file func/main.sh of the component sed Handler. The manipulation leads to argument injection. An attack has to be approached locally. The name of the patch is...

7.8 CVSS

8 AI Score

0.0004 EPSS

2022-11-13 08:15 AM

CVE-2021-46850

myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server...

7.2 CVSS

7.5 AI Score

0.028 EPSS

2022-10-24 02:15 PM

CVE-2009-2569

Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to...

5.9 AI Score

0.002 EPSS

2022-10-03 04:24 PM

CVE-2005-4861

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH...

7.3 AI Score

0.006 EPSS

2022-10-03 04:22 PM

CVE-2018-1000884

Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-10-03 04:21 PM

CVE-2021-30071

A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-08-18 05:15 AM

CVE-2022-2636

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-08-05 10:15 AM

CVE-2022-2626

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to...

7.2 CVSS

7 AI Score

0.001 EPSS

2022-08-05 09:15 AM

CVE-2022-2550

OS Command Injection in GitHub repository hestiacp/hestiacp prior to...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2022-07-27 03:15 PM

CVE-2022-36304

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-07-19 07:15 PM

CVE-2022-36305

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-07-19 07:15 PM

CVE-2022-36303

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-07-19 07:15 PM

CVE-2022-34025

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the post function at...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-07-19 07:15 PM

CVE-2022-1509

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root...

8.8 CVSS

9 AI Score

0.002 EPSS

2022-04-28 10:15 AM

CVE-2022-0986

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-03-16 01:15 PM

CVE-2022-0752

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-03-04 12:15 PM

CVE-2022-0838

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-03-04 08:15 AM

CVE-2022-0753

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-03-03 04:15 PM

CVE-2021-43693

vesta 0.9.8-24 is affected by a file inclusion vulnerability in file...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2021-11-29 03:15 PM

CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2021-09-15 01:15 PM

CVE-2021-37162

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote...

9.8 CVSS

9.9 AI Score

0.03 EPSS

2021-08-02 01:15 PM

CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware...

9.8 CVSS

9.4 AI Score

0.008 EPSS

2021-08-02 01:15 PM

CVE-2021-37167

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of...

9.8 CVSS

9.5 AI Score

0.008 EPSS

2021-08-02 01:15 PM

CVE-2021-37166

A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...

7.5 CVSS

7.6 AI Score

0.005 EPSS

2021-08-02 01:15 PM

CVE-2021-37161

A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote.....

9.8 CVSS

9.9 AI Score

0.03 EPSS

2021-08-02 01:15 PM

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are...

9.8 CVSS

9.4 AI Score

0.004 EPSS

2021-08-02 01:15 PM

CVE-2021-37164

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a...

9.8 CVSS

9.5 AI Score

0.006 EPSS

2021-08-02 01:15 PM

CVE-2021-37165

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to....

9.8 CVSS

9.9 AI Score

0.026 EPSS

2021-08-02 11:15 AM

CVE-2021-30463

VestaCP through 0.9.8-24 allows attackers to gain privileges by creating symlinks to files for which they lack permissions. After reading the RKEY value from user.conf under the /usr/local/vesta/data/users/admin directory, the admin password can be changed via a...

7.8 CVSS

7.8 AI Score

0.0005 EPSS

2021-04-08 02:15 PM

CVE-2021-30462

VestaCP through 0.9.8-24 allows the admin user to escalate privileges to root because the Sudo configuration does not require a password to run /usr/local/vesta/bin...

7.2 CVSS

7.1 AI Score

0.001 EPSS

2021-04-08 02:15 PM

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different...

8.8 CVSS

8.6 AI Score

0.023 EPSS

2021-03-15 06:15 AM

CVE-2020-0518

Improper access control in the Intel(R) HD Graphics Control Panel before version 15.40.46.5144 and 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local...

5.5 CVSS

5.7 AI Score

0.0004 EPSS

2021-02-17 02:15 PM

CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2021-02-16 04:15 AM

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron...

8.8 CVSS

9 AI Score

0.003 EPSS

2020-04-21 05:15 PM

CVE-2020-10787

An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2020-04-21 05:15 PM

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server...

6.5 CVSS

6.4 AI Score

0.002 EPSS

2020-03-25 11:15 PM

CVE-2020-10808

Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell.....

8.8 CVSS

8.6 AI Score

0.971 EPSS

2020-03-22 05:15 PM

CVE-2019-9859

Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the....

8.8 CVSS

8.9 AI Score

0.002 EPSS

2020-03-10 01:15 PM
Total number of security vulnerabilities: 92