81 matches found
Exploit for Reliance on Cookies without Validation and Integrity Checking in Mgt-Commerce Cloudpanel
CVE-2023-35885 Cloudpanel 0-day Exploit Author: @EagleTube, @...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal
Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747 Version Affected : CloudPanel v2.0.0 - v2.2.2 Vendor : CloudPanel.io Date : 31/05/2023 , 12:00 PM Step : Login as ssh as...
CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit
CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
Path traversal
CloudPanel v2.2.2 allows attackers to execute a path traversal...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
PT-2023-24471 · Unknown · Cloudpanel
Name of the Vulnerable Software and Affected Versions: CloudPanel version 2.2.2 Description: The issue allows attackers to execute a path traversal. Recommendations: For CloudPanel version 2.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerabili...
CVE-2023-33747
CloudPanel v2.2.2 (CVE-2023-33747) is documented as vulnerable to a path-traversal issue enabling local access and potential privilege escalation. Connected sources (e.g., PacketStorm’s CloudPanel 2.2.2 Privilege Escalation / Path Traversal) describe an exploit path related to clpctlWrapper and f...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
CVE-2023-33747
CloudPanel v2.2.2 allows attackers to execute a path traversal...
MGT-COMMERCE CloudPanel 路径遍历漏洞
MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.2, which stems from a vulnerability that allows an attacker to perform path...
PT-2023-3996 · Unknown · Cloudpanel
Name of the Vulnerable Software and Affected Versions: CloudPanel versions 2.0.0 through 2.3.0 CloudPanel version 2.3.0 Description: The issue is related to insufficient access control in the File Manager component of CloudPanel, specifically when handling clp-fm cookie files without verifying...
The vulnerability of the control panel for servers and cloud services, CloudPanel, arises from the use of a rigidly encrypted cryptographic key for the SSL certificate. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the control panel for servers and cloud services like CloudPanel lies in the use of a strictly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
CVE-2023-0391
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...
CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...
CVE-2023-0391
CVE-2023-0391 affects MGT-COMMERCE CloudPanel. The issue: CloudPanel ships with a static SSL certificate (and private key) shared across all installations, observed in version 2.2.0. This enables fingerprintable certificates and allows an attacker with access to capture or decrypt HTTPS traffic t...
CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate
MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...
CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures
While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...
MGT-COMMERCE CloudPanel 信任管理问题漏洞
MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.0, which stems from the fact that the system comes with a static SSL certificat...