Vesta Control Panel Input Validation Error Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel 0.9.8-26 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the help of the cron jobs module...
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
Command injection
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
Privilege escalation
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
CVE-2020-10787
CVE-2020-10787 concerns an elevation of privilege in Vesta Control Panel (VestaCP) up to version 0.9.8-26. Multiple sources confirm that an attacker can gain root system access from the admin account via the v-change-user-password script. Affected product: Vesta Control Panel; vulnerable componen...
CVE-2020-10787
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password aka the user password change script...
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
CVE-2020-10786
CVE-2020-10786 affects Vesta Control Panel (VestaCP) with versions 0.9.8-26 and earlier. A remote command execution is possible because an authenticated user can abuse the cron jobs module to run arbitrary commands on the underlying system. Impact is high (remote, unauthenticated? actually authenti...
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit
This Metasploit module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...
Vesta Control Panel Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits an authenticated command injection vulnerabilit...
Vesta Control Panel Authenticated Remote Code Execution
This module exploits an authenticated command injection vulnerability in the v-list-user-backups bash script file in Vesta Control Panel to gain remote code execution as the root user. This module requires Metasploit: https://metasploit.com/download Current source:...
Serious Exchange Flaw Still Plagues 350K Servers
Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability – nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. The vulnerability in question (CVE-2020-0688) exists in the control panel of...
Vesta Control Panel Authenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in...
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This modu...
Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in...
DesignMasterEvents CMS 1.0 SQL Injection / Cross Site Scripting
Exploit Title: DesignMasterEvents Conference management CMS SQL Injection Auth Bypass & XSS Vulnerability Google Dork: intext:"by :Design Master Events" Date: 2020-03-28 Exploit Author: @ThelastVvV Vendor Homepage: http://www.designmasterevents.com Version: 1.0 Tested on: Ubuntu...
Vesta Control Panel and Hestia Control Panel Password Reset Module Information Disclosure Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. Hestia Control Panel is an open source hosting control panel. A security vulnerability exists in the Password Reset Module in VestaCP versions 0.9.8-25 and earlier and Hestia Control Panel versions 1.1.0 and earlier. An...