14 matches found
EUVD-2020-7597
Malware in sbrugna...
EUVD-2020-7601
Malware in sbrugna...
EUVD-2020-7427
Malware in sbrugna...
CVE-2020-15610
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the modulo parameter, the process does...
CVE-2020-15434
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the canal parameter, the process does n...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the canal parameter, the process does n...
CVE-2020-15614
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the cha parameter, the process does not...
CVE-2020-15614
CVE-2020-15614 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the cha parameter, where input is not properly validated before a system call, allowing an unauthenticated attacker to execute arbitrary code with root privileges. This has been disclosed in...
CVE-2020-15610
CVE-2020-15610 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in the file ajax_php_pecl.php where parsing the modulo parameter allows an attacker to execute arbitrary code with root privileges, without authentication. Multiple sources (ZDI-20-757, Red Hat, CNVD/CVE records) co...
CVE-2020-15610
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the modulo parameter, the process does...
CVE-2020-15434
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the canal parameter, the process does n...
CVE-2020-15433
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the phpversion parameter, the process...
CVE-2020-15433
CVE-2020-15433 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the phpversion parameter, which allows an unauthenticated attacker to execute arbitrary code with root privileges via a remote code execution vector. Multiple sources (including ZDI-20-750) ...
CVE-2020-15434
CVE-2020-15434 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerable component is ajax_php_pecl.php where the canal parameter is not properly validated before using it to execute a system call, enabling remote code execution with root privileges. Exploitation is possible without authentica...