7 matches found
CVE-2020-36948
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative...
CVE-2021-47873
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'vinterface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload...
EUVD-2018-2060
Malware in sbrugna...
CVE-2018-1000884
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...
Design/Logic Flaw
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...
CVE-2018-1000884
Vesta CP version Prior to commit f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 -- any release prior to 0.9.8-18 contains a CWE-208 / Information Exposure Through Timing Discrepancy vulnerability in Password reset code -- web/reset/index.php, line 51 that can result in Possible to determine password...
CVE-2018-1000884
CVE-2018-1000884 affects Vesta CP prior to 0.9.8-18, where the password reset code in web/reset/index.php (line 51) exposes information due to a timing discrepancy (CWE-208). This can allow an attacker, via unauthenticated network access, to determine password reset codes and potentially change t...