27 matches found
CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
CVE-2023-52077
CVE-2023-52077 concerns Nexkey, a Misskey v12 fork. Before 12.23Q4.5, external apps using administrator/moderator-issued tokens could call admin APIs, enabling operations like updating server settings and risking object storage and email credentials. The issue is patched in 12.23Q4.5. No exploita...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-43609)
CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxadminapis.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. ...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43140)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxadminapis.php file not...
CVE-2020-15607
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxadminapis.php. When parsing the line parameter, the process does...
PT-2020-14529 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax admin apis.p...