97 matches found
CVE-2021-37840
CVE-2021-37840 affects aaPanel up to version 6.8.12, enabling Cross-Site WebSocket Hijacking (CSWH) that can execute OS commands within WebSocket messages issued to ws://…/webssh. The victim must have Terminal configured with at least one host. Exploitation appears browser-dependent (e.g., feasib...
aaPanel 安全漏洞
aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel LinuxStable 6.8.12, which allows attackers to conduct cross-site WebSocket hijacking CSWH and OS commands in WebSocket messages...
aaPanel 6.6.6 Privilege Escalation
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
Unspecified vulnerability in aaPanel
aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability by modifying the /system?action=ServiceAdmin request sent to the Sotfware Store settings menu to execute arbitrary commands...
CVE-2020-14950
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...
CVE-2020-14950
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...
Design/Logic Flaw
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...
CVE-2020-14950
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...
CVE-2020-14950
CVE-2020-14950 affects aaPanel (up to version 6.6.6 and earlier). The vulnerability allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request under the Software Store settings menu. Root cause: insufficient validatio...
aaPanel Remote Code Execution Vulnerability
aaPanel is a simple but powerful control panel for Linux servers. A remote code execution vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands via the Script Content box on the Add Cron Job interface...
CVE-2020-14421
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...
CVE-2020-14421
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...
Code injection
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...
CVE-2020-14421
aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...
CVE-2020-14421
CVE-2020-14421 affects aaPanel (versions up to 6.6.6 and earlier). An authenticated user can exploit the Script Content box on the Add Cron Job interface to execute arbitrary commands on the server, due to improper handling of cron entries that enables command injection/remote execution. Multiple...
PT-2020-13996 · Aapanel · Aapanel
Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. This can be done by exploiting the vulnerability in the Script...