2125 matches found
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
CVE-2020-36064
Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised...
CVE-2020-25124
The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php=rebuild= URI...
CVE-2020-25119
The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part of the User Manual...
CVE-2020-13150
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active...
CVE-2012-2325
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel ACP in MyBB aka MyBulletinBoard before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors...
CVE-2019-16993
In phpBB before 3.1.7-PL1, includes/acp/acpbbcodes.php has improper verification of a CSRF token on the BBCode page in the Administration Control Panel. An actual CSRF attack is possible if an attacker also manages to retrieve the session id of a reauthenticated administrator prior to targeting...
CVE-2019-5694
NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature also known as a binary planting or DLL preloading attack, which may lead to denial of service or...
CVE-2019-9859
Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2019-15571
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php...
CVE-2019-12791
A directory traversal vulnerability in the v-list-user script in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root via the password reset form...
CVE-2019-13525
In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could allow remote attackers to obtain web configuration data, which can be accessed without authentication over the network...
CVE-2017-8899
Invision Power Services IPS Community Suite 4.1.19.2 and earlier has a composite of Stored XSS and Information Disclosure issues in the attachments feature found in User CP. This can be triggered by any Invision Power Board user and can be used to gain access to moderator/admin accounts. The...
CVE-2012-2326
Cross-site scripting XSS vulnerability in the Admin Control Panel ACP in MyBB aka MyBulletinBoard before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment...
CVE-2012-2324
Multiple SQL injection vulnerabilities in MyBB aka MyBulletinBoard before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the 1 user search or 2 Mail Log in the Admin Control Panel ACP...
CVE-2009-2569
Multiple cross-site scripting XSS vulnerabilities in Verlihub Control Panel VHCP 1.7e allow remote attackers to inject arbitrary web script or HTML via 1 the nick parameter in a login action to index.php or 2 the URI in a news request to index.html...
CVE-2005-4861
functions.php in Ragnarok Online Control Panel ROCP 4.3.4a allows remote attackers to bypass authentication by requesting accountmanage.php with a trailing "/login.php" PHPSELF value, which is not properly handled by the CHECKAUTH function...
CVE-2025-39556
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mediavine Mediavine Control Panel mediavine-control-panel allows Retrieve Embedded Sensitive Data.This issue affects Mediavine Control Panel: from n/a through = 2.10.6...
SUSE CVE-2025-43919
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to read arbitrary files via ../ directory traversal at /mailman/private/mailman aka the private archive authentication endpoint via the username parameter. NOTE: multiple third parties report that they are unable t...