20 matches found
EUVD-2019-5877
Malware in sbrugna...
EUVD-2017-9520
Malware in sbrugna...
EUVD-2019-5876
Malware in sbrugna...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
CVE-2019-14729
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account...
PT-2023-6844 · Modoboa · Modoboa
Name of the Vulnerable Software and Affected Versions: modoboa/modoboa versions prior to 2.0.4 Description: The issue is related to Cross-Site Request Forgery CSRF in the modoboa/modoboa GitHub repository. This can allow a remote attacker to impact the integrity and availability of protected...
CSRF leading to delete a domain
Description GET /admin/domains/id/delete/ page is vulnerable to a CSRF attack. Proof of Concept 1. Login as admin. 2. Create a domain to be deleted. E.g. the domain ID is 4. 3. Open the following file in the browser. html history.pushState'', '', '/' document.forms0.submit;...
UBUNTU-CVE-2022-42320
Xenstore: Guests can get access to Xenstore nodes of deleted domains Access rights of Xenstore nodes are per domid. When a domain is gone, there might be Xenstore nodes left with access rights containing the domid of the removed domain. This is normally no problem, as those access right entries...
CVE-2021-24711 Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
The delreistereddomains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack...
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
The delreistereddomains AJAX action of the plugin does not have any CSRF checks, and is vulnerable to a CSRF attack PoC https://example.com/wp-admin/admin-ajax.php?action=delreistereddomain=1...
Software License Manager < 4.5.1 - Arbitrary Domain Deletion via CSRF
The delreistereddomains AJAX action of the plugin does not have any CSRF checks, and is vulnerable to a CSRF attack https://example.com/wp-admin/admin-ajax.php?action=delreistereddomain&id=1...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
Design/Logic Flaw
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
CVE-2019-14730
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account...
PT-2019-4390 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version 0.9.8.851 Description: The issue exists due to insufficient input validation in the application, allowing a remote attacker to delete a sub-domain from a user's account. This can be achieved by an attacker using their...
Code injection
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD SEC-341...
CVE-2017-18404
CVE-2017-18404 affects cPanel prior to 68.0.15. The vulnerability allows deletion of domain data for domains with the .lock TLD. Root cause details are not fully specified in the provided documents, but multiple sources (NVD, Red Hat, CNVD, CVE listings) corroborate the issue. There is no explici...
Mailcow 0.14 - Cross-Site Request Forgery
Mailcow 0.14 - Cross-Site Request Forgery + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MAILCOW-v0.14-CSRF-PASSWORD-RESET-ADD-ADMIN.txt + ISR: ApparitionSec Vendor: ============= mailcow.email mailcow.github.io Produc...
Virtualizor < 2.3.2 PDNS Domain Deletion Security Bypass
According to its version number, the Virtualizor install hosted on the remote web server is earlier than 2.3.2 and therefore affected by a security bypass vulnerability. Due to an unspecified flaw, an attacker may be able to delete arbitrary PDNS domains that their user account does not have acce...
Virtualizor < 2.3.2 PDNS Domain Deletion Security Bypass
Binary data 6947.prm...