Lucene search
K

97 matches found

CVE
CVE
added 2021/08/02 1:53 p.m.63 views

CVE-2021-37840

CVE-2021-37840 affects aaPanel up to version 6.8.12, enabling Cross-Site WebSocket Hijacking (CSWH) that can execute OS commands within WebSocket messages issued to ws://…/webssh. The victim must have Terminal configured with at least one host. Exploitation appears browser-dependent (e.g., feasib...

8.8CVSS8.5AI score0.01661EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.5 views

aaPanel 安全漏洞

aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel LinuxStable 6.8.12, which allows attackers to conduct cross-site WebSocket hijacking CSWH and OS commands in WebSocket messages...

8.8CVSS7.8AI score0.01661EPSS
Exploits2References2
Packet Storm
Packet Storm
added 2020/10/16 12:0 a.m.331 views

aaPanel 6.6.6 Privilege Escalation

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9CVSS0.7AI score0.0597EPSS
Exploits5
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.591 views

aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)

Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...

9CVSS7.1AI score0.0597EPSS
Exploits5
CNVD
CNVD
added 2020/06/22 12:0 a.m.8 views

Unspecified vulnerability in aaPanel

aaPanel is an open source hosting control panel. A security vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability by modifying the /system?action=ServiceAdmin request sent to the Sotfware Store settings menu to execute arbitrary commands...

8.8CVSS7.6AI score0.02601EPSS
Exploits2References1
NVD
NVD
added 2020/06/21 4:15 p.m.16 views

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...

8.8CVSS0.02601EPSS
Exploits2References1
OSV
OSV
added 2020/06/21 4:15 p.m.2 views

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...

8.8CVSS7.6AI score0.02601EPSS
Exploits2References1
Prion
Prion
added 2020/06/21 4:15 p.m.21 views

Design/Logic Flaw

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...

6.5CVSS8.7AI score0.02601EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2020/06/21 3:58 p.m.17 views

CVE-2020-14950

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request start, stop, or restart to the setting menu of Sotfware Store...

8.8AI score0.02601EPSS
Exploits2References1
CVE
CVE
added 2020/06/21 3:58 p.m.61 views

CVE-2020-14950

CVE-2020-14950 affects aaPanel (up to version 6.6.6 and earlier). The vulnerability allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request under the Software Store settings menu. Root cause: insufficient validatio...

8.8CVSS8.7AI score0.02601EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2020/06/19 12:0 a.m.13 views

aaPanel Remote Code Execution Vulnerability

aaPanel is a simple but powerful control panel for Linux servers. A remote code execution vulnerability exists in aaPanel 6.6.6 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands via the Script Content box on the Add Cron Job interface...

9CVSS8.3AI score0.0597EPSS
Exploits5References1
OSV
OSV
added 2020/06/18 1:15 p.m.4 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

7.2CVSS6.1AI score0.0597EPSS
Exploits5References3
NVD
NVD
added 2020/06/18 1:15 p.m.16 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

9CVSS0.0597EPSS
Exploits5References3
Prion
Prion
added 2020/06/18 1:15 p.m.17 views

Code injection

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

9CVSS7.1AI score0.0597EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2020/06/18 12:51 p.m.15 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

7.2AI score0.0597EPSS
Exploits5References3
CVE
CVE
added 2020/06/18 12:51 p.m.111 views

CVE-2020-14421

CVE-2020-14421 affects aaPanel (versions up to 6.6.6 and earlier). An authenticated user can exploit the Script Content box on the Add Cron Job interface to execute arbitrary commands on the server, due to improper handling of cron entries that enables command injection/remote execution. Multiple...

9CVSS7.1AI score0.0597EPSS
Exploits5References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/06/18 12:0 a.m.3 views

PT-2020-13996 · Aapanel · Aapanel

Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. This can be done by exploiting the vulnerability in the Script...

9CVSS7.3AI score0.0597EPSS
Exploits5References5
Rows per page
Query Builder