2125 matches found
Default credentials
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
Cross-site scripting
A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2019-18418
CVE-2019-18418 affects ClonOS WEB control panel version 19.09. The issue is in clonos.php where there is no session management, enabling remote attackers to gain full access by sending password-change requests. Multiple sources (NVD/NVD mirrors and security advisories) describe an authentication/...
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
CVE-2019-18419
A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2019-18419
The provided connected records confirm CVE-2019-18419 is a cross-site scripting (XSS) flaw in ClonOS WEB control panel 19.09, specifically in index.php with the lang parameter. Root cause is described in CNVD as lack of proper validation of client-side data, enabling injection of arbitrary script...
ClonOS WEB control panel authorization issue vulnerability
ClonOS is an open source platform based on FreeBSD. The platform is mainly used for the creation and management of virtual environments. The WEB control panel is the web-based ClonOS control panel. An authorization issue vulnerability exists in the clonos.php file in ClonOS WEB control panel...
Honeywell IP-AK2 CVE-2019-13525 Information Disclosure Vulnerability
Description Honeywell IP-AK2 is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information that may aid in further attacks. Honeywell IP-AK2 Access Control Panel version 1.04.07 and prior are vulnerable. Technologies Affected Honeywell...
Ajenti Remote Command Execution Vulnerability
Ajenti is a web control panel written in python and angularjs. Ajenti suffers from a remote command execution vulnerability. An attacker can execute commands on a local monitoring server while testing...
Ajenti 2.1.31 - Remote Code Execution
Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details ------- Ajenti is a web control panel written in...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
Cross-site request forgery (CSRF)
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
CVE-2019-16993
CVE-2019-16993 affects phpBB
Session Token In URL
phpBB sends the session token via a GET parameter in the URL. Due to the way phpBB works, having the session ID is not enough for a remote attacker to gain access to the application, since the session tokens are tied to an IP address. However, with knowledge of the administrator's session ID, the...
SecurityNotFound - 404 Page Not Found Webshell
Clone me! Clone or download the project: git clone https://github.com/CosasDePuma/SecurityNotFound.git SecurityNotFound cd SecurityNotFound "Installation" The src/404.php file should be located on the target server. That server must have the ability to execute .php files. Here is an example of so...
CVE-2019-13376
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...
Cross-site request forgery (CSRF)
phpBB version 3.2.7 allows the stealing of an Administration Control Panel session id by leveraging CSRF in the Remote Avatar feature. The CSRF Token Hijacking leads to stored XSS...