Lucene search
K

81 matches found

GithubExploit
GithubExploit
added 2023/06/08 9:20 a.m.347 views

Exploit for Reliance on Cookies without Validation and Integrity Checking in Mgt-Commerce Cloudpanel

CVE-2023-35885 Cloudpanel 0-day Exploit Author: @EagleTube, @...

9.8CVSS9.6AI score0.75315EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/06/07 12:0 a.m.539 views

CloudPanel 2.2.2 Privilege Escalation / Path Traversal

Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747 Version Affected : CloudPanel v2.0.0 - v2.2.2 Vendor : CloudPanel.io Date : 31/05/2023 , 12:00 PM Step : Login as ssh as...

7.1AI score0.00469EPSS
Exploits3
0day.today
0day.today
added 2023/06/07 12:0 a.m.314 views

CloudPanel 2.2.2 Privilege Escalation / Path Traversal Exploit

CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access. Title : Privilege Escalation through path traversal CVE ID : CVE-2023-33747 Exploit Author : EagleEye Github :...

7.8CVSS7.3AI score0.00469EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2023/06/06 6:15 p.m.5 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.8CVSS7.2AI score0.00469EPSS
Exploits3References7
NVD
NVD
added 2023/06/06 6:15 p.m.47 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.8CVSS7.7AI score0.00469EPSS
Exploits3References6
Prion
Prion
added 2023/06/06 6:15 p.m.15 views

Path traversal

CloudPanel v2.2.2 allows attackers to execute a path traversal...

4.3CVSS7.6AI score0.00469EPSS
Exploits3References6Affected Software1
Cvelist
Cvelist
added 2023/06/06 12:0 a.m.65 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.9AI score0.00469EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2023/06/06 12:0 a.m.11 views

PT-2023-24471 · Unknown · Cloudpanel

Name of the Vulnerable Software and Affected Versions: CloudPanel version 2.2.2 Description: The issue allows attackers to execute a path traversal. Recommendations: For CloudPanel version 2.2.2, at the moment, there is no information about a newer version that contains a fix for this vulnerabili...

7.8CVSS7.2AI score0.00469EPSS
Exploits3References12
CVE
CVE
added 2023/06/06 12:0 a.m.94 views

CVE-2023-33747

CloudPanel v2.2.2 (CVE-2023-33747) is documented as vulnerable to a path-traversal issue enabling local access and potential privilege escalation. Connected sources (e.g., PacketStorm’s CloudPanel 2.2.2 Privilege Escalation / Path Traversal) describe an exploit path related to clpctlWrapper and f...

7.8CVSS7.6AI score0.00469EPSS
Exploits3References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/06 12:0 a.m.12 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7AI score0.00469EPSS
Exploits3References6
OSV
OSV
added 2023/06/06 12:0 a.m.14 views

CVE-2023-33747

CloudPanel v2.2.2 allows attackers to execute a path traversal...

7.8CVSS7.3AI score0.00469EPSS
Exploits3References8
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.6 views

MGT-COMMERCE CloudPanel 路径遍历漏洞

MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.2, which stems from a vulnerability that allows an attacker to perform path...

7.8CVSS7.3AI score0.00469EPSS
Exploits3References8
Positive Technologies
Positive Technologies
added 2023/06/01 12:0 a.m.4 views

PT-2023-3996 · Unknown · Cloudpanel

Name of the Vulnerable Software and Affected Versions: CloudPanel versions 2.0.0 through 2.3.0 CloudPanel version 2.3.0 Description: The issue is related to insufficient access control in the File Manager component of CloudPanel, specifically when handling clp-fm cookie files without verifying...

9.8CVSS7.3AI score0.75315EPSS
Exploits3References16
BDU FSTEC
BDU FSTEC
added 2023/03/27 12:0 a.m.8 views

The vulnerability of the control panel for servers and cloud services, CloudPanel, arises from the use of a rigidly encrypted cryptographic key for the SSL certificate. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the control panel for servers and cloud services like CloudPanel lies in the use of a strictly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

7.5CVSS7.5AI score0.00599EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/03/21 8:15 p.m.46 views

CVE-2023-0391

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

8.1CVSS8AI score0.00599EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/03/21 7:25 p.m.47 views

CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

8.2AI score0.00599EPSS
Exploits1References2
CVE
CVE
added 2023/03/21 7:25 p.m.65 views

CVE-2023-0391

CVE-2023-0391 affects MGT-COMMERCE CloudPanel. The issue: CloudPanel ships with a static SSL certificate (and private key) shared across all installations, observed in version 2.2.0. This enables fingerprintable certificates and allows an attacker with access to capture or decrypt HTTPS traffic t...

8.1CVSS8AI score0.00599EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/21 7:25 p.m.5 views

CVE-2023-0391 MGT-COMMERCE CloudPanel Shared Certificate

MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1...

8AI score0.00599EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2023/03/21 6:54 p.m.75 views

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

While using the popular self-hosted web administration solution, CloudPanel from MGT-COMMERCE, Rapid7 researcher Tod Beardsley discovered three security concerns. The first, an issue involving the trustworthiness of the installation script provided by the vendor, was an instance of CWE-494:...

7.8AI score0.00599EPSS
Exploits1
CNNVD
CNNVD
added 2023/03/21 12:0 a.m.23 views

MGT-COMMERCE CloudPanel 信任管理问题漏洞

MGT-COMMERCE CloudPanel is a free solution from MGT-COMMERCE Open Source. It is designed to ease the burden of managing self-hosted Linux servers. A security vulnerability exists in MGT-COMMERCE CloudPanel version 2.2.0, which stems from the fact that the system comes with a static SSL certificat...

8.1CVSS7.6AI score0.00599EPSS
Exploits1References3
Rows per page
Query Builder