13 matches found
EUVD-2007-6623
Malware in sbrugna...
GO-2024-2613 Unauthorized Console access in github.com/1Panel-dev/1Panel
If the user attempts to access a secure entry point and intercepts with Burp, they can get access to the console page. This access does not return data nor allow modification operations...
Improper Authorization
github.com/1Panel-dev/1Panel/ is vulnerable to Improper Authorization. The vulnerability is due to insufficient access controls, allowing attackers to exploit the application to gain unauthorized access to the console page...
CVE-2024-27288 1Panel open source panel project has an unauthorized vulnerability.
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds...
CVE-2024-27288 1Panel open source panel project has an unauthorized vulnerability.
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds...
GHSA-26W3-Q4J8-4XJP 1Panel open source panel project has an unauthorized vulnerability.
Impact The steps are as follows: 1. Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. 2. Use Burp to intercept: When opening the browser and entering the URL allowing the first intercepted packet through Burp, the following is displayed: It is fou...
PT-2024-21796 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.1-lts Description: 1Panel is an open source Linux server operation and maintenance management panel. Users can obtain unauthorized access to the console page by intercepting with Burp. The vulnerability allows...
CVE-2020-23452
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...
UBUNTU-CVE-2020-23452
A cross-site scripting (XSS) vulnerability in Selenium Grid v3.141.59 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hub parameter under the /grid/console page...
GHSA-GFHJ-524Q-GCRM Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
SQL injection
SQL injection vulnerability in admin.php/vars.php in CustomCMS CCMS 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page...
CVE-2007-6658
SQL injection vulnerability in admin.php/vars.php in CustomCMS CCMS 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page...
CVE-2007-6658
SQL injection vulnerability in admin.php/vars.php in CustomCMS CCMS 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page...