2125 matches found
CVE-2019-9859
Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...
CVE-2019-9859
Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...
Design/Logic Flaw
Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...
CVE-2019-9859
Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...
CVE-2019-9859
CVE-2019-9859 affects Vesta Control Panel (VestaCP) versions 0.9.7 through 0.9.8-23. An authenticated attacker can trigger command execution via PHP that may escalate to remote root access. The vulnerability stems from how VestaCP uses the PHP function exec to run shell scripts and how escapeshel...
CVE-2020-5957
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges...
CVE-2020-5957
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges...
Exchange Control Panel Viewstate Deserialization
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'bindata' class MetasploitModule 'Exchange Control Panel Viewstate Deserialization', 'Description' = %q This module exploits a .NET serialization vulnerability i...
Exchange Control Panel ViewState Deserialization
This module exploits a .NET serialization vulnerability in the Exchange Control Panel ECP web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of...
Microsoft Exchange Server Exchange Control Panel Fixed Cryptographic Key Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique...
Information disclosure
An Information Disclosure vulnerability exists in the my config file in NEtGEAR WGR614 v7 and v9, which could let a malicious user recover all previously used passwords on the device, for both the control panel and WEP/WPA/WPA2, in plaintext. This is a different issue than CVE-2012-6340...
ABB CP651 HMI Trust Management Issue Vulnerability
The ABB CP651 is a control panel from ABB Switzerland. A vulnerability exists in the ABB CP651 HMI with trust management issues. An attacker could exploit this vulnerability to insert and run arbitrary code on an affected system...
KLA11535 An elevation of privilege vulnerability in Microsoft Developer Tools
An elevation of privilege vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2019-1211 Related products Microsoft-Visual-Studio CVE list CVE-2019-1211 warning KB list Solution Install necessary updates...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Vulnerabilit
Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Product web page: https://www.inim.biz Link:...
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Product web page: https://www.inim.biz Link:...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link:...
Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery
Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x...
Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution
Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x Advisory ID: ZSL-2019-55...
Inim Electronics Smartliving SmartLAN/G/SI 6.x Hard-Coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI =6.x Hard-coded Credentials Vendor: INIM Electronics s.r.l. Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Affected version: =6.x Affected models: SmartLiving 50...
MyBB UserCP Cross-Site Scripting Vulnerability
MyBB MyBulletinBoard is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB UserCP. This vulnerability allows attackers to...