100 matches found

Vulnrichment
added 2024/07/18 3:35 p.m. · 30 views

CVE-2024-39911 1Panel SQL injection

1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 10 · AI score 7.2 · EPSS 0.04566
Exploits 2 · References 2

OSV
added 2024/07/18 3:35 p.m. · 16 views

CVE-2024-39911 1Panel SQL injection

1Panel is a web-based Linux server management control panel. 1Panel contains an unspecified SQL injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability...

CVSS 10 · AI score 7.2 · EPSS 0.04566
Exploits 2 · References 4

Cvelist
added 2024/07/18 3:31 p.m. · 25 views

CVE-2024-39907 a SQL injection in 1Panel

1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to...

CVSS 9.8 · EPSS 0.29396
Exploits 1 · References 1

Vulnrichment
added 2024/07/18 3:31 p.m. · 17 views

CVE-2024-39907 a SQL injection in 1Panel

1Panel is a web-based Linux server management control panel. There are many SQL injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These SQL injections have been resolved in version 1.10.12-tls. Users are advised to...

CVSS 9.8 · AI score 9.7 · EPSS 0.29396
Exploits 1 · References 1

Positive Technologies
added 2024/06/08 12:0 a.m. · 6 views

PT-2024-5240 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.12-lts

Description: The issue is related to an unspecified SQL injection via User-Agent handling in 1Panel, a web-based Linux server management control panel. This could allow a remote attacker to execute arbitra...

CVSS 10 · AI score 9 · EPSS 0.04566
Exploits 2 · References 11

OSV
added 2024/06/05 3:10 p.m. · 10 views

GO-2024-2734 1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel

1Panel's password verification is suspected to have a timing attack vulnerability in github.com/1Panel-dev/1Panel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive report...

CVSS 5.9 · AI score 4.8 · EPSS 0.0038
Exploits 0 · References 3

OSV
added 2024/06/04 3:19 p.m. · 38 views

GO-2024-2636 1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel

1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel...

CVSS 9.8 · AI score 8 · EPSS 0.03044
Exploits 1 · References 7

OSV
added 2024/05/14 1:4 p.m. · 38 views

GO-2024-2830 Arbitrary file write in github.com/1Panel-dev/1Panel

A maliciously crafted packet can write to an arbitrary file...

CVSS 7.5 · AI score 6.8 · EPSS 0.01329
Exploits 1 · References 2

OSV
added 2024/05/09 3:14 p.m. · 28 views

GHSA-F8CH-W75V-C847 1Panel arbitrary file write vulnerability

Summary There are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. We can use the following mirror configuration write symbol to achieve arbitrary file writing PoC Dockerfile FROM bash:latest COPY...

CVSS 6.5 · AI score 7.2 · EPSS 0.01329
Exploits 1 · References 5

Cvelist
added 2024/04/18 2:56 p.m. · 21 views

CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

CVSS 3.9 · AI score 4.6 · EPSS 0.0038
Exploits 0 · References 2

OSV
added 2024/04/18 2:56 p.m. · 7 views

CVE-2024-30257 1Panel's password verification is suspected to have a timing attack vulnerability

1Panel is an open source Linux server operation and maintenance management panel. The password verification in the source code uses the != symbol instead of hmac.Equal. This may lead to a timing attack vulnerability. This vulnerability is fixed in 1.10.3-lts...

CVSS 3.9 · AI score 6 · EPSS 0.0038
Exploits 0 · References 4

Veracode
added 2024/03/11 5:2 a.m. · 18 views

Command Injection

github.com/1panel-dev/1panel is vulnerable to Command Injection. The vulnerability is caused by a lack of proper input validation in the "Path" argument. This flaw allows an attacker to manipulate the "Path" and inject arbitrary commands and can potentially lead to Command Injection...

CVSS 9.8 · AI score 7 · EPSS 0.03044
Exploits 1 · References 7 · Affected Software 1

OSV
added 2024/03/10 3:30 a.m. · 18 views

GHSA-X2VG-5WRF-VJ6V 1Panel is vulnerable to command injection

1Panel is vulnerable to command injection. This vulnerability, which has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...

CVSS 6.3 · AI score 8.1 · EPSS 0.03044
Exploits 1 · References 7

NVD
added 2024/03/10 2:16 a.m. · 33 views

CVE-2024-2352

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 9.8 · AI score 6.8 · EPSS 0.03044
Exploits 1 · References 5

OSV
added 2024/03/10 2:16 a.m. · 9 views

CVE-2024-2352

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 9.8 · AI score 9.8
Exploits 0 · References 5

Prion
added 2024/03/10 2:16 a.m. · 23 views

Command injection

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 6.5 · AI score 7.7 · EPSS 0.03044
Exploits 1 · References 5

Vulnrichment
added 2024/03/10 1:31 a.m. · 18 views

CVE-2024-2352 1Panel swap baseApi.UpdateDeviceSwap command injection

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 6.5 · AI score 7.3 · EPSS 0.03044
Exploits 1 · References 5

Cvelist
added 2024/03/10 1:31 a.m. · 32 views

CVE-2024-2352 1Panel swap baseApi.UpdateDeviceSwap command injection

A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to...

CVSS 6.5 · AI score 7.1 · EPSS 0.03044
Exploits 1 · References 5

CVE
added 2024/03/10 1:31 a.m. · 121 views

CVE-2024-2352

1Panel up to 1.10.1-lts is affected by CVE-2024-2352 via command injection in the function baseApi.UpdateDeviceSwap (file /api/v1/toolbox/device/update/swap). The issue arises from untrusted input in the Path argument (example: 123123123\nopen -a Calculator), which can be exploited remotely. Publ...

CVSS 9.8 · AI score 6.8 · EPSS 0.03044
Exploits 1 · References 5 · Affected Software 1

GitLab Advisory Database
added 2024/03/10 12:0 a.m. · 27 views

1Panel is vulnerable to command injection

1Panel is vulnerable to command injection. This vulnerability, which has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the...

CVSS 9.8 · AI score 7.7 · EPSS 0.03044
Exploits 1 · References 8 · Affected Software 1