695 matches found
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...
CVE-2019-14730
CVE-2019-14730 affects CentOS Web Panel 0.9.8.851. The vulnerability is an insecure object reference that allows an attacker with an account to delete a domain from another user’s account. Root cause: insufficient access control around domain management/object references. Impact: unauthorized dom...
CVE-2019-14728
CVE-2019-14728 affects CentOS Web Panel (CWP) 0.9.8.851. The vulnerability is an insecure object reference that lets an attacker, with an attacker account, add an e-mail forwarding destination to a victim’s account. The root cause is improper authorization/object reference handling in the CWP int...
CVE-2019-14729
CVE-2019-14729 affects CentOS Web Panel (CWP) 0.9.8.851. The issue is an insecure object reference that allows an attacker with an account to delete a sub-domain under a victim’s account. Reported across multiple sources (NVD/Red Hat/CNVD, CNVD, PRION, PT-Security) with consistent product/version...
CVE-2019-14729
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account...
CVE-2019-14727
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account...
CVE-2019-14726
CVE-2019-14726 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference that allows an attacker with an attacker account to access and delete DNS records belonging to a victim’s account. Root cause appears to be insufficient access validation for DNS management objects. Repor...
CVE-2019-14726
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account...
CVE-2019-14723
CVE-2019-14723 affects CentOS Web Panel 0.9.8.851 (CWP). The flaw is an insecure object reference that lets an attacker with an attacker account delete a victim’s e-mail account. Root cause is insufficient access control/object reference handling within the CWP email management flow. Documented i...
CVE-2019-14723
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account...
CVE-2019-14722
CVE-2019-14722 affects CentOS Web Panel 0.9.8.851. The vulnerability is an insecure object reference in the email forwarding management that allows an attacker with an attacker account to delete an email forwarding destination belonging to a victim’s account. The connected documents confirm the a...
CVE-2019-14722
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...
CVE-2019-14721
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account...
CVE-2019-14721
CVE-2019-14721 affects CentOS Web Panel (CWP) 0.9.8.851. The vulnerability is described as an insecure object reference that lets an attacker with an attacker account remove a target user from phpMyAdmin. Multiple sources (Red Hat CVE entry, CNVD aggregations) corroborate the impact of removing o...
PT-2019-13802 · Php +1 · Phpmyadmin +1
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to remove a target user from phpMyAdmin via an attacker account due to an insecure object reference. Recommendations: For version 0.9.8.851, consider restricting...
PT-2019-4386 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to delete a victim's e-mail account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which can be...
PT-2019-4388 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to change the e-mail password of a victim account via an attacker account due to an insecure object reference. This is caused by insufficient input validation, which...
PT-2019-4387 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue allows an attacker to access and delete DNS records of a victim's account via an attacker account due to an insecure object reference. This is caused by insufficient input validation,...