PT-2019-4390 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851
Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a sub-domain from a user's account. This can be achieved by an attacker using their...
PT-2019-4644 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851
Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a domain from a user's account. This can be achieved by an attacker using their own...
PT-2019-13803 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851
Description: The issue allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account due to an insecure object reference.
Recommendations: For version 0.9.8.85...
PT-2019-4389 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851
Description: The issue is related to an insecure object reference in CentOS Web Panel, which allows an attacker to add an e-mail forwarding destination to a victim's account. This is due to insufficient inpu...
CVE-2019-14245
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...
CVE-2019-14246
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases such as oauthv2 from the server via an attacker account...
CVE-2019-14245
CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...
CVE-2019-14246
CVE-2019-14246 affects CentOS Web Panel (CWP) 0.9.8.851. An insecure object reference in the phpMyAdmin password change flow enables an attacker account to discover or retrieve phpMyAdmin passwords for any user (password data in /etc/passwd) through the affected web interface path. The vulnerabil...
PT-2019-3100 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851
Description: The issue is related to an insecure object reference, which allows an attacker to delete databases, such as oauthv2, from the server via an attacker account. This is due to insufficient access...
CVE-2018-19578
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
CVE-2018-19581
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
Design/Logic Flaw
GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that permits a user with Reporter privileges to view the Jaeger Tracing Operations page...
Deserialization of untrusted data
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure object reference vulnerability that allows a Guest user to set the weight of an issue they create...
CVE-2018-19584
GitLab EE, versions 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is vulnerable to an insecure direct object reference vulnerability that allows authenticated, but unauthorized, users to view members and milestone details of private groups...