Lucene search
+L

146 matches found

cve
cve
added 2019/07/16 5:0 p.m.176 views

CVE-2019-13360

CVE-2019-13360 affects CentOS Web Panel (CWP) 0.9.8.836. Remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. The Red Hat advisory confirms a similar authentication bypass for affected CWP versions, indicating this class of issue is tied to ...

9.8CVSS9.2AI score0.2445EPSS
Exploits5References2Affected Software1
cve
cve
added 2019/07/16 4:54 p.m.180 views

CVE-2019-13383

CVE-2019-13383 affects CentOS Web Panel (CWP) version 0.9.8.846. The login process leaks user existence by returned HTTP response differences, enabling an attacker to determine whether a username is valid. Root cause: information disclosure via authentication response handling. Public references ...

5.3CVSS5.2AI score0.14241EPSS
Exploits5References3Affected Software1
cvelist
cvelist
added 2019/07/16 4:54 p.m.33 views

CVE-2019-13383

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response...

5.2AI score0.14241EPSS
Exploits5References3
cve
cve
added 2019/07/16 4:46 p.m.185 views

CVE-2019-13605

CVE-2019-13605 affects CentOS Web Panel (CWP) versions 0.9.8.838–0.9.8.846. The issue is an authentication bypass in the login flow that leverages a valid username and relies on defeating an encoding that is not equivalent to base64, as noted in the NVD entry and CNVD/CNVD-derived records. This i...

8.8CVSS9.2AI score0.15307EPSS
Exploits5References3Affected Software1
exploitdb
exploitdb
added 2019/07/16 12:0 a.m.166 views

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation

//====================================================================\ || || || CWP Control Web Panel 0.9.8.836 - 0.9.8.839 || || Root Privilege Escalation || || || \====================================================================//...

8.5CVSS7.8AI score0.2577EPSS
Exploits5
exploitpack
exploitpack
added 2019/07/16 12:0 a.m.41 views

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation

CentOS Control Web Panel 0.9.8.836 - Privilege Escalation //====================================================================\ || || || CWP Control Web Panel 0.9.8.836 - 0.9.8.839 || || Root Privilege Escalation || || || \====================================================================//...

8.5CVSS0.9AI score0.2577EPSS
Exploits5
packetstorm
packetstorm
added 2019/07/16 12:0 a.m.135 views

CentOS Control Web Panel 0.9.8.838 User Enumeration

Exploit Title: CWP CentOS Control Web Panel 0.9.8.848 User Enumeration via HTTP Response Message Date: 15 July 2019 Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/changelog Software Link: Not available, user panel on...

0.2AI score0.14241EPSS
Exploits5
cve
cve
added 2019/05/21 5:29 p.m.62 views

CVE-2019-12190

CVE-2019-12190 affects CentOS Web Panel (CWP) versions through 0.9.8.747. The issue is a cross-site scripting (XSS) vulnerability in the testacc/fileManager2.php endpoint, triggered via the fm_current_dir or filename parameters. The public records consistently note client-side data validation wea...

5.4CVSS5.3AI score0.05323EPSS
Exploits1References1Affected Software1
cve
cve
added 2019/05/13 2:44 p.m.85 views

CVE-2019-11429

CVE-2019-11429 affects CentOS Web Panel (CWP) versions 0.9.8.793 (Free/Open Source), 0.9.8.753 (Pro) and 0.9.8.807 (Pro). The vulnerability is a Reflected XSS in the Domain field of the DNS Zone: Add DNS Zone screen. The root cause is insufficient input sanitization in the Domain field, enabling ...

4.8CVSS4.9AI score0.05907EPSS
Exploits4References3Affected Software1
prion
prion
added 2019/04/18 8:29 p.m.12 views

Design/Logic Flaw

CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.793 Free/Open Source Version and 0.9.8.753 Pro is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings "Edit Settings" screen. By changing the email ID to any XSS Payload and clicking on Save Changes, the XSS Payload wi...

3.5CVSS4.8AI score0.02879EPSS
Exploits5References6Affected Software1
cve
cve
added 2019/04/18 7:50 p.m.66 views

CVE-2019-10893

CVE-2019-10893 affects CentOS Web Panel versions 0.9.8.793 (Free) and 0.9.8.753 (Pro). It is a stored/persistent XSS in the Admin Email field on the CWP Settings > Edit Settings screen, triggered by saving a crafted email value, with the payload executing in the admin context. Root cause state...

4.8CVSS4.9AI score0.02879EPSS
Exploits5References6Affected Software1
exploitdb
exploitdb
added 2019/04/08 12:0 a.m.61 views

CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting

Exploit Title: CentOS Web Panel v0.9.8.793 Free and v0.9.8.753 Pro - Email Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 06 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.793 Free an...

4.8CVSS5.2AI score0.02879EPSS
Exploits5
cve
cve
added 2019/04/03 2:7 p.m.65 views

CVE-2019-10261

CWP 0.9.8.789 is vulnerable to Stored/Persistent XSS in the DNS Functions → Edit Nameservers IPs form (Name Server 1/2). Root cause: insufficient input sanitization, enabling an attacker to store and render script payloads to other users. CVE-2019-10261 is described across multiple records with b...

4.8CVSS4.8AI score0.02381EPSS
Exploits5References3Affected Software1
cve
cve
added 2019/03/26 3:2 p.m.75 views

CVE-2019-7646

Summary: CVE-2019-7646 affects CentOS Web Panel (CWP) up to version 0.9.8.763, where the stored/persistent XSS vulnerability exists in the Add a Package (add_package) module via the Package Name field. The issue arises from insufficient input sanitization of the Package Name, enabling an attacker...

4.8CVSS4.8AI score0.07246EPSS
Exploits5References3Affected Software1
cve
cve
added 2018/11/20 7:0 p.m.87 views

CVE-2018-18774

CVE-2018-18774 affects CentOS Web Panel (CentOS Web Panel) versions up to 0.9.8.740. The vulnerability is an XSS flaw exploitable through the admin/index.php endpoint via the module parameter, allowing an attacker to inject arbitrary web script into the administrator’s browser. Several sources in...

6.1CVSS6.8AI score0.04751EPSS
Exploits6References3Affected Software1
cve
cve
added 2018/10/15 7:0 a.m.88 views

CVE-2018-18323

CVE-2018-18323 affects CentOS Web Panel 0.9.8.480. The vulnerability is a Local File Inclusion via directory traversal using the URI admin/index.php?module=file_editor&file=/../, enabling an attacker to read sensitive server files. The connected Nuclei template confirms LFI and notes additional i...

7.5CVSS7.5AI score0.70736EPSS
Exploits2References3Affected Software1
cve
cve
added 2018/10/15 7:0 a.m.58 views

CVE-2018-18322

CVE-2018-18322 affects CentOS Web Panel version 0.9.8.480. The issue is a Command Injection in admin/index.php via shell metacharacters in the API parameters service_start, service_restart, service_fullstatus, or service_stop. Root cause: unsafely handling of those parameters enables injection th...

9.8CVSS9.7AI score0.15141EPSS
Exploits2References3Affected Software1
cve
cve
added 2018/10/15 7:0 a.m.65 views

CVE-2018-18324

CVE-2018-18324 affects CentOS Web Panel (CWP) 0.9.8.480, with a Cross‑Site Scripting (XSS) vulnerability triggered via the fm_current_dir parameter in admin/fileManager2.php or via parameters in admin/index.php (module, service_start/fullstatus/restart/stop, or file within file_editor). Public di...

6.1CVSS6AI score0.03207EPSS
Exploits2References3Affected Software1
cve
cve
added 2018/01/22 1:0 a.m.53 views

CVE-2018-5962

CVE-2018-5962 affects CentOS Web Panel (CWP) up to version v0.9.8.12 via XSS in index.php. The vulnerability is triggered by the id parameter in the phpini_editor module or the email_address parameter in the mail_add-new module, allowing cross-site scripting. Public sources in connected records c...

6.1CVSS5.9AI score0.0263EPSS
Exploits3References1Affected Software1
nvd
nvd
added 2009/11/09 5:30 p.m.16 views

CVE-2009-3919

Cross-site scripting XSS vulnerability in the NGP COO/CWP Integration crmngp module 6.x before 6.x-1.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied information."...

4.3CVSS5.8AI score0.01223EPSS
Exploits0References6
Rows per page
Query Builder