
141 matches found

Prion
added 2018/10/04 11:29 p.m. | 13 views

Design/Logic Flaw

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...

4.6 CVSS | 7.6 AI score | 0.03369 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2018/10/04 11:29 p.m. | 3 views

CVE-2018-17984

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...

7.8 CVSS | 6 AI score | 0.03369 EPSS
Exploits: 1 | References: 3
Cvelist
added 2018/10/04 11:0 p.m. | 9 views

CVE-2018-17984

An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access...

7.7 AI score | 0.03369 EPSS
Exploits: 1 | References: 3
CVE
added 2018/10/04 11:0 p.m. | 57 views

CVE-2018-17984

CVE-2018-17984 affects ISPConfig prior to 3.1.13, where an unanchored /[a-z]{2}/ regular expression enables arbitrary file inclusion, potentially leading to code execution. The issue is exploitable by authenticated users with local filesystem access, allowing execution in the security context of ...

7.8 CVSS | 7.6 AI score | 0.03369 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Packet Storm
added 2018/10/04 12:0 a.m. | 25 views

ISPConfig Remote Command Execution

Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...

7.4 AI score
Exploits: 0
OSV
added 2017/12/07 8:29 a.m. | 5 views

CVE-2017-17384

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...

8.8 CVSS | 5.8 AI score | 0.01489 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2017/12/07 8:29 a.m. | 4 views

CVE-2017-17384

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...

9 CVSS | 5.5 AI score | 0.01489 EPSS
Exploits: 0 | References: 3
Prion
added 2017/12/07 8:29 a.m. | 16 views

Design/Logic Flaw

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...

9 CVSS | 8.1 AI score | 0.01489 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2017/12/07 8:29 a.m. | 17 views

CVE-2017-17384

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...

9 CVSS | 8.2 AI score | 0.01489 EPSS
Exploits: 0 | References: 1
Cvelist
added 2017/12/07 8:0 a.m. | 21 views

CVE-2017-17384

ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain root access by creating a crafted cron job...

8.2 AI score | 0.01489 EPSS
Exploits: 0 | References: 1
CVE
added 2017/12/07 8:0 a.m. | 47 views

CVE-2017-17384

CVE-2017-17384 affects ISPConfig 3.x before 3.1.9. A remote authenticated user can escalate privileges to root by creating a crafted cron job, due to a vulnerability in the cron handling. Impact: full root access on affected systems as described by the CVE, with high severity. Mitigation: upgrade...

9 CVSS | 8.1 AI score | 0.01489 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2017/12/07 12:0 a.m. | 6 views

ISPConfig Elevation of Privilege Vulnerability

ISPConfig is an open source web hosting management program for Linux with a Web control panel, you can use the Web control panel to manage web hosting, open a website, open a mailbox, open and manage mysql databases, support for DNS resolution and monitor the server's operating conditions an...

9 CVSS | 7.3 AI score | 0.01489 EPSS
Exploits: 0 | References: 1
Packet Storm
added 2016/08/22 12:0 a.m. | 45 views

ISPconfig 3.0.5.4 p6 Cross Site Scripting

Document Title: =============== ISPconfig v3.0.5.4 p6 - UI Exception & XSS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-16 Vulnerability Laboratory ID VL-ID: ====================================...

0.1 AI score
Exploits: 0
Vulnerability Lab
added 2016/08/16 12:0 a.m. | 38 views

ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities

Document Title: =============== ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-16 Vulnerability Laboratory ID VL-ID: ==================================== 19...

7.1 AI score
Exploits: 0
Vulnerability Lab
added 2016/08/15 12:0 a.m. | 32 views

ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities

Document Title: =============== ISPconfig v3.0.5.4p6 - Input Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1909 Release Date: ============= 2016-08-15 Vulnerability Laboratory ID VL-ID: ==================================== 19...

7.4 AI score
Exploits: 0
Packet Storm
added 2016/08/01 12:0 a.m. | 27 views

ISPConfig 3.0.5 Cross Site Request Forgery

!-- tanks: Dr Ms Jk - n1arash - Milad Hacking - malahsky...

0.8 AI score
Exploits: 0
seebug.org
added 2015/09/15 12:0 a.m. | 105 views

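ISPConfig <= 3.0.5.4p7 monitor/show_sys_state.php SQL injection vulnerability

Incomplete filtering leads to SQL injection. Through the server parameter passed via HTTP GET to the /monitor/showsysstate.php page, an attacker can pass in arbitrary malicious SQL commands and have them executed in the database. Successful exploitation of this vulnerability can give the attacker read and write access to the database and can even endanger the entire web application. At this point, however, the vulnerability is still of little practical value, because an attacker carrying out this attack must be an authenticated user and also needs the monitor permission. However, combined with CSRF Cross-Site Request Forgery in ISPConfig:...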

6.8 CVSS | 6.5 AI score | 0.0126 EPSS
Exploits: 6
NVD
added 2015/06/15 3:59 p.m. | 22 views

CVE-2015-4119

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/usersedit.php or (2) arbitrary users for requests that conduct SQL...

6.8 CVSS | 7.9 AI score | 0.0126 EPSS
Exploits: 6 | References: 6
NVD
added 2015/06/15 3:59 p.m. | 28 views

CVE-2015-4118

SQL injection vulnerability in monitor/showsysstate.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2...

6.5 CVSS | 7.8 AI score | 0.02135 EPSS
Exploits: 5 | References: 6
Prion
added 2015/06/15 3:59 p.m. | 25 views

Sql injection

SQL injection vulnerability in monitor/showsysstate.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2...

6.5 CVSS | 8.2 AI score | 0.02135 EPSS
Exploits: 7 | References: 6 | Affected Software: 1