197 matches found
CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...
Vesta Control Panel (VestaCP) security vulnerabilities
Vesta Control Panel (VestaCP) is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Version 0.9.8-26 has a security vulnerability caused by insufficient token verification, which may allow unauthorized access to user accounts...
CVE-2021-47873
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...
EUVD-2026-3630
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...
Vesta Control Panel (VestaCP) Cross-site Scripting Vulnerabilities
Vesta Control Panel (VestaCP) is an open-source virtual hosting control panel developed by Vesta Control Panel Inc. Versions prior to 0.9.8-25 contained a cross-site scripting vulnerability. This vulnerability stemmed from IP interface configurations that allowed...
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin...
CVE-2020-10808
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell...
CVE-2020-10786
A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs...
CVE-2020-10966
In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before 1.1.1, Host header manipulation leads to account takeover because the victim receives a reset URL containing an attacker-controlled server name...
CVE-2019-12792
A command injection vulnerability in UploadHandler.php in Vesta Control Panel 0.9.8-24 allows remote attackers to escalate from regular registered users to root...
EUVD-2018-21604
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...
Vesta Control Panel Security Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version ee03eff and prior versions, which stems from embedded malicious code that could lead to a supply chain attack and administrator credential disclosure...
EUVD-2018-2060
Malware in sbrugna...
EUVD-2020-3200
Malware in sbrugna...
EUVD-2019-19215
Malware in sbrugna...
EUVD-2019-4375
Malware in sbrugna...
EUVD-2018-2757
Malware in sbrugna...
EUVD-2018-10268
Malware in sbrugna...
EUVD-2021-15061
Malware in sbrugna...
EUVD-2019-19200
Malware in sbrugna...