Lucene search
K

146 matches found

CNVD
CNVD
added 2020/08/03 12:0 a.m.5 views

CentOS Web Panel ajax_new_account.php file SQL injection vulnerability

CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxnewaccount.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which originates when the program does not properly validate a user-supplied string. An attacker could exploit this...

7.8CVSS7.8AI score0.0401EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.3 views

CentOS Web Panel SQL Injection Vulnerability (CNVD-2020-43612)

CentOS Web Panel CWP is a free web hosting control panel. A SQL injection vulnerability exists in the ajaxlistaccounts.php file in CentOS Web Panel cwp-e version 17.0.9.8.923, which stems from the program not properly validating a user-supplied string. An attacker could exploit this vulnerability...

7.8CVSS7.8AI score0.0401EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/29 12:0 a.m.3 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43144)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxphppecl.php file not proper...

10CVSS8AI score0.08083EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/29 12:0 a.m.4 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43140)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxadminapis.php file not...

10CVSS8AI score0.08083EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/29 12:0 a.m.4 views

CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43139)

CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdiskusage.php file not...

10CVSS8AI score0.08083EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/28 5:1 p.m.19 views

CVE-2020-15628

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the user parameter, the...

7.5CVSS7.5AI score0.0383EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/28 5:1 p.m.24 views

CVE-2020-15624

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxnewaccount.php. When parsing the domain parameter, the...

7.5CVSS7.5AI score0.0401EPSS
Exploits0References1
CVE
CVE
added 2020/07/28 5:1 p.m.49 views

CVE-2020-15624

CVE-2020-15624 affects CentOS Web Panel (CWP) — version cwp-e17.0.9.8.923 — where the ajax_new_account.php component does not properly validate the domain parameter before constructing SQL queries, enabling an unauthenticated remote SQL injection that can disclose sensitive information in the con...

7.8CVSS7.5AI score0.0401EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/28 5:1 p.m.20 views

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

7.5CVSS7.5AI score0.0383EPSS
Exploits0References1
CVE
CVE
added 2020/07/28 5:1 p.m.54 views

CVE-2020-15614

CVE-2020-15614 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the cha parameter, where input is not properly validated before a system call, allowing an unauthenticated attacker to execute arbitrary code with root privileges. This has been disclosed in...

10CVSS9.6AI score0.08083EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.67 views

CVE-2020-15610

CVE-2020-15610 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in the file ajax_php_pecl.php where parsing the modulo parameter allows an attacker to execute arbitrary code with root privileges, without authentication. Multiple sources (ZDI-20-757, Red Hat, CNVD/CVE records) co...

10CVSS9.6AI score0.08083EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.45 views

CVE-2020-15433

CVE-2020-15433 affects CentOS Web Panel (cwp-e17.0.9.8.923). The flaw is in ajax_php_pecl.php when parsing the phpversion parameter, which allows an unauthenticated attacker to execute arbitrary code with root privileges via a remote code execution vector. Multiple sources (including ZDI-20-750) ...

10CVSS9.6AI score0.08083EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.57 views

CVE-2020-15434

CVE-2020-15434 affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerable component is ajax_php_pecl.php where the canal parameter is not properly validated before using it to execute a system call, enabling remote code execution with root privileges. Exploitation is possible without authentica...

10CVSS9.6AI score0.08411EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.53 views

CVE-2020-15435

The CVE-2020-15435 issue affects CentOS Web Panel (cwp-e17.0.9.8.923). The vulnerability is in ajax_dashboard.php where parsing the service_start parameter allows an attacker to construct a system call, enabling remote code execution with root privileges. It is exploitable remotely without authen...

10CVSS9.6AI score0.08411EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.54 views

CVE-2020-15430

This CVE (CVE-2020-15430) affects CentOS Web Panel, version cwp-e17.0.9.8.923. The vulnerability resides in ajax_list_accounts.php; the code path parsing the username parameter does not properly validate input before using it to execute a system call, allowing remote attackers to execute arbitrar...

10CVSS9.6AI score0.08083EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/28 5:1 p.m.53 views

CVE-2020-15429

CVE-2020-15429 affects CentOS Web Panel (cwp-e17.0.9.8.923). A flaw in ajax_crons.php allows remote command injection: when parsing the user parameter, the code does not properly validate the string before using it in a system call, enabling arbitrary code execution with root privileges. Authenti...

10CVSS9.6AI score0.08411EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/28 5:1 p.m.31 views

CVE-2020-15422

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the archivo parameter, the process...

9.8CVSS9.6AI score0.08411EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/07/28 5:1 p.m.27 views

CVE-2020-15421

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmodsecurity.php. When parsing the checkip parameter, the process...

9.8CVSS9.6AI score0.08083EPSS
Exploits0References1
NVD
NVD
added 2020/07/15 9:15 p.m.31 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

8.8CVSS0.01837EPSS
Exploits0References1
Prion
Prion
added 2020/07/15 9:15 p.m.20 views

Design/Logic Flaw

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

6.8CVSS8.8AI score0.01837EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder