2125 matches found
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
Design/Logic Flaw
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
CVE-2020-10966
Summary (CVE-2020-10966): The vulnerability affects the Password Reset Module of Vesta Control Panel and Hestia Control Panel. In VestaCP versions up to 0.9.8-25 (and Hestia up to 1.1.1), an attacker can manipulate the Host header to cause an account takeover, as the reset URL delivered to the vict...
Vesta Control Panel Operating System Command Injection Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. An operating system command injection vulnerability exists in VestaCP versions 0.9.7 through 0.9.8-23. An attacker can exploit this vulnerability to elevate privileges...
Vesta Control Panel Operating System Command Injection Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. An operating system command injection vulnerability exists in Vesta Control Panel (VestaCP) versions 0.9.8-26 and earlier, which can be exploited by an attacker to inject commands and execute code with the help of specially...
KLA11767 Microsoft Advisory for Windows
Original advisories: ADV200006. Related products: Microsoft-Windows-Server-2012, Microsoft-Windows-8, Microsoft-Windows-7, Microsoft-Windows-Server-2008, Microsoft-Windows-10. CVE list. KB list. Solution: Install necessary updates from the KB section, that are listed in your Windows Update Windows Update...
CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell...
Command injection
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell...
CVE-2020-10808
CVE-2020-10808 affects Vesta Control Panel (VestaCP) up to version 0.9.8-26. It describes a command injection vulnerability in the schedule/backup Backup Listing Endpoint. The attacker must create a crafted filename on the server, demonstrated via an FTP session that renames a file (e.g., .bash_l...
PT-2020-12337 · Vestacp · Vesta Control Panel
Name of the Vulnerable Software and Affected Versions: Vesta Control Panel (VestaCP) versions 0.9.8-26 and earlier. Description: The issue allows Command Injection via the "schedule/backup Backup Listing Endpoint". An attacker must be able to create a crafted filename on the server. This can be...
NVIDIA Windows GPU Display Driver (Feb 2020)
A display driver installed on the remote Windows host is affected by multiple vulnerabilities. - A privilege escalation vulnerability exists in the NVIDIA Control Panel component. An unauthenticated, local attacker can exploit this, via corrupting a system file, to gain privileged access to the...
cPanel Authentication Bypass Vulnerability
cPanel is a Web-based host control management system from cPanel (U.S.). An authentication bypass vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from improper parsing of the password file format. An attacker can exploit this vulnerability to achieve...
cPanel Remote Code Execution Vulnerability (CNVD-2020-18555)
cPanel is a Web-based host control management system from cPanel (U.S.). A remote code execution vulnerability exists in cPanel versions prior to 84.0.20. The vulnerability can be exploited to achieve remote code execution via the cpsrvd rsync shell using a demo account...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-articles.php by adding a question mark (?) followed by the payload...
CVE-2020-5958
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure...
Information disclosure
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can plant a malicious DLL file, which may lead to code execution, denial of service, or information disclosure...
CVE-2020-5958
CVE-2020-5958 affects NVIDIA Windows GPU Display Driver (control panel component). The vulnerability allows a local attacker with system access to plant a malicious DLL, potentially enabling code execution, denial of service, or information disclosure. The related NVIDIA security bulletin lists a...