38 matches found
EUVD-2015-9222
Malware in sbrugna...
CyberPanel < 2.3.8 Multiple RCEs
The CyberPanel installed on the remote host is prior to 2.3.8. It is, therefore, affected by the following vulnerabilities: - upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via...
CyberPanel Multi CVE Pre-auth RCE
This module exploits three separate unauthenticated Remote Code Execution vulnerabilities in CyberPanel: - CVE-2024-51567: Command injection vulnerability in the "upgrademysqlstatus" endpoint. - CVE-2024-51568: Command Injection via the "completePath" parameter in the "outputExecutioner" sink. -...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel aka Cyber Panel before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware which is only for a POST request and using shell...
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...
CVE-2024-51378
CyberPanel CVE-2024-51378 is an unauthenticated remote code execution affecting CyberPanel before patch 1c0c6cb (versions through 2.3.6 and unpatched 2.3.7). The vulnerability lies in getresetstatus endpoints at /dns/getresetstatus and /ftp/getresetstatus, where an attacker can bypass secMiddlewa...
CVE-2024-51567
CVE-2024-51567 = CyberPanel pre-auth remote code execution via the upgrademysqlstatus endpoint. Affected CyberPanel builds (through 2.3.6 and unpatched 2.3.7) allow attackers to bypass secMiddleware protecting POST requests and inject commands using shell metacharacters in the statusfile paramete...
SUSE CVE-2010-3054
Unspecified vulnerability in FreeType 2.3.9, and other versions before 2.4.2, allows remote attackers to cause a denial of service via vectors involving nested Standard Encoding Accented Character aka seac calls, related to psaux.h, cffgload.c, cffgload.h, and t1decode.c...
Buffer Over-read
Freetype is vulnerable to buffer overread. It is due to mishandling of psparserskipPStoken in an FTNewMemoryFace operation in skipcomment, psaux/psobjs.c, leading to a buffer over-read...
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...
Design/Logic Flaw
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skipcomment in psaux/psobjs.c because psparserskipPStoken is mishandled in an FTNewMemoryFace operation...