Vesta Control Panel (VestaCP) security vulnerabilities

Vesta Control Panel VestaCP is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Version 0.9.8-26 of Vesta Control Panel VestaCP has a security vulnerability caused by insufficient token verification, which may allow unauthorized access to user accounts...

EUVD-2026-3630

VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...

Vesta Control Panel (VestaCP) Cross-site Scripting Vulnerabilities

Vesta Control Panel VestaCP is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Versions of Vesta Control Panel VestaCP prior to 0.9.8-25 contained a cross-site scripting vulnerability. This vulnerability stemmed from IP interface configurations that allowed...

CVE-2021-28379

web/upload/UploadHandler.php in Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...

CVE-2020-10808

Vesta Control Panel VestaCP through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bashlogout to a .bashlogout' substring followed by shell...

CVE-2020-10786

A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...

CVE-2020-10966

In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...

CVE-2019-12792

A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root...

EUVD-2018-21604

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

Vesta Control Panel 安全漏洞

Vesta Control Panel VestaCP is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version ee03eff and prior versions, which stems from embedded malicious code that could lead to a supply chain attack and administrator credential disclosure...

EUVD-2019-19215

Malware in sbrugna...

EUVD-2019-4375

Malware in sbrugna...

EUVD-2020-3200

Malware in sbrugna...

EUVD-2018-2757

Malware in sbrugna...

EUVD-2018-10268

Malware in sbrugna...

EUVD-2020-3367

Malware in sbrugna...

EUVD-2021-15061

Malware in sbrugna...

EUVD-2019-19200

Malware in sbrugna...

EUVD-2019-4374

Malware in sbrugna...

EUVD-2015-2949

Malware in sbrugna...