
100 matches found

Vulnrichment
added 2023/08/10 5:39 p.m. | 14 views

CVE-2023-39964 1Panel O&M management panel has a background arbitrary file reading vulnerability

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...

CVSS 7.5 | AI score 6.8 | EPSS 0.0082
Exploits: 1 | References: 2

Cvelist
added 2023/08/10 5:39 p.m. | 25 views

CVE-2023-39964 1Panel O&M management panel has a background arbitrary file reading vulnerability

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the...

CVSS 7.5 | AI score 7.6 | EPSS 0.0082
Exploits: 1 | References: 2

CVE
added 2023/08/10 5:39 p.m. | 2537 views

CVE-2023-39964

Summary: CVE-2023-39964 affects 1Panel O&M panel. In version 1.4.3, the function LoadFromFile in api/v1/file.go reads a server file directly from the unfiltered path parameter, enabling arbitrary file reads of important configuration files. The issue is a background file read vulnerability exploi...

CVSS 7.5 | AI score 7.3 | EPSS 0.0082
In wild | Exploits: 1 | References: 2 | Affected Software: 1

Circl
added 2023/08/10 6:47 a.m. | 4 views

CVE-2023-39965

creationtimestamp | type | source
---|---|---
2023-08-10 06:47:11+00:00 | published-proof-of-concept | https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555...

CVSS 6.5 | AI score 6.2 | EPSS 0.00382
Exploits: 1 | References: 1

NVD
added 2023/07/18 7:15 p.m. | 42 views

CVE-2023-37477

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 8.8 | EPSS 0.05354
Exploits: 1 | References: 2

Prion
added 2023/07/18 7:15 p.m. | 17 views

Command injection

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 6.5 | AI score 8.9 | EPSS 0.05354
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/07/18 7:10 p.m. | 29 views

GHSA-P9XF-74XH-MHW5 1Panel command injection vulnerability in Firewall ip functionality

Summary: An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Details: 1Panel firewall functionality /hosts/firewall/...

CVSS 8.8 | AI score 8 | EPSS 0.05354
Exploits: 1 | References: 5

Cvelist
added 2023/07/18 6:25 p.m. | 47 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2 | AI score 9 | EPSS 0.05354
Exploits: 1 | References: 2

Vulnrichment
added 2023/07/18 6:25 p.m. | 15 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2 | AI score 8.8 | EPSS 0.05354
Exploits: 1 | References: 2

OSV
added 2023/07/18 6:25 p.m. | 42 views

CVE-2023-37477 Command injection in firewall ip functionality in 1Panel

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

CVSS 7.2 | AI score 8.9 | EPSS 0.05354
Exploits: 1 | References: 4

CVE
added 2023/07/18 6:25 p.m. | 72 views

CVE-2023-37477

1Panel exposes an OS command injection in its firewall IP endpoint (/hosts/firewall/ip). The vulnerability allows an authenticated attacker to craft input that leads to arbitrary command execution, potentially full system compromise. The issue stems from lack of input validation in the firewall f...

CVSS 8.8 | AI score 8 | EPSS 0.05354
Exploits: 1 | References: 2 | Affected Software: 1

Veracode
added 2023/07/06 7:45 a.m. | 15 views

Command Injection

github.com/1panel-dev/1panel is vulnerable to Command Injections. The vulnerability exists when adding container repositories which allows an attacker to inject and execute arbitrary commands...

CVSS 8.8 | AI score 7.4 | EPSS 0.01989
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2023/07/05 9:38 p.m. | 26 views

GHSA-7X2C-FGX6-XF9H 1Panel vulnerable to command injection when entering the container terminal

Impact: The authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. 1. Vulnerability analysis: backend\app\api\v1\terminal.go, ContainerWsSsh. 2. Vulnerability reproduction: GET...

CVSS 6.3 | AI score 7.5 | EPSS 0.01989
Exploits: 1 | References: 4

Vulnrichment
added 2023/07/05 8:57 p.m. | 12 views

CVE-2023-36457 1Panel vulnerable to command injection when adding container repositories

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...

CVSS 6.3 | AI score 7.4 | EPSS 0.01989
Exploits: 1 | References: 2

CVE
added 2023/07/05 8:57 p.m. | 2580 views

CVE-2023-36457

1Panel (open-source Linux server operation/maintenance panel) prior to v1.3.6 is affected by a command injection vulnerability when adding container repositories. An authenticated attacker can craft a malicious payload (as demonstrated by the reported payloads in advisories) to trigger code execu...

CVSS 8.8 | AI score 7.5 | EPSS 0.01989
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/07/05 8:57 p.m. | 20 views

CVE-2023-36457 1Panel vulnerable to command injection when adding container repositories

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6...

CVSS 6.3 | AI score 9.1 | EPSS 0.01989
Exploits: 1 | References: 2

Cvelist
added 2023/07/05 8:57 p.m. | 22 views

CVE-2023-36458 1Panel vulnerable to command injection when entering the container terminal

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6...

CVSS 6.3 | AI score 9.1 | EPSS 0.01989
Exploits: 1 | References: 2

Vulnrichment
added 2023/07/05 8:57 p.m. | 14 views

CVE-2023-36458 1Panel vulnerable to command injection when entering the container terminal

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6...

CVSS 6.3 | AI score 7.4 | EPSS 0.01989
Exploits: 1 | References: 2

CVE
added 2023/07/05 8:57 p.m. | 2595 views

CVE-2023-36458

1Panel is an open source Linux server operation and maintenance panel. Affected versions are

CVSS 8.8 | AI score 7.5 | EPSS 0.01989
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/07/05 12:0 a.m. | 4 views

1Panel command injection vulnerability

1Panel is an open source Linux server operation and management panel for the Chinese 1Panel community. A command injection vulnerability exists in versions prior to 1.3.6 of 1Panel, which originates from allowing an attacker to build a malicious payload to achieve command injection when entering ...

CVSS 8.8 | AI score 7.9 | EPSS 0.01989
Exploits: 1 | References: 3