64 matches found
CVE-2026-55477 Authenticated Arbitrary File Write via Database Import and Xray Log Path Manipulation
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
EUVD-2026-39432
3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...
CVE-2019-18419
A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
PT-2025-50237
Name of the Vulnerable Software and Affected Versions COMMAX CVD-Axx DVR version 5.1.4 Description The COMMAX CVD-Axx DVR contains weak default administrative credentials, enabling remote password attacks and disclosure of RTSP streams. An attacker can exploit this by sending a POST request to an...
EUVD-2019-6539
Malware in sbrugna...
EUVD-2014-2087
Malware in sbrugna...
EUVD-2019-8188
Malware in sbrugna...
EUVD-2014-2567
Malware in sbrugna...
CVE-2019-15571
The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php...
hestiacp 安全漏洞
hestiacp is a lightweight and powerful control panel for the modern web. A security vulnerability exists in hestiacp that stems from hestiacp's tendency to use incorrect operators in string comparisons...
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure
COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: CVD-AH04 DVR 4.4.1 CVD-AF04 DVR 4.4.1 CVD-AH16 DVR 5.1.4 CVD-AF16 DVR 4.4.1 CVD-AF08 DVR 5.1.2 CVD-AH08 DVR 5.1.2 Summary: COMMAX offers a wide...
COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure
Exploit Title: COMMAX CVD-Axx DVR 5.1.4 - Weak Default Credentials Stream Disclosure Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX CVD-Axx DVR 5.1.4 Weak Default Credentials Stream Disclosure Vendor: COMMAX Co., Ltd. Prodcut web page:...
ClonOS WEB control panel cross-site scripting vulnerability
ClonOS is an open source platform based on FreeBSD. The platform is mainly used for the creation and management of virtual environments. web control panel is one of the web-based ClonOS control panel. A cross-site scripting vulnerability exists in the index.php file in the ClonOS WEB control pane...
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
Default credentials
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
Cross site scripting
A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because there is no session management...
CVE-2019-18418
CVE-2019-18418 affects ClonOS WEB control panel version 19.09. The issue is in clonos.php where there is no session management, enabling remote attackers to gain full access by sending password-change requests. Multiple sources (NVD/NVD mirrors and security advisories) describe an authentication/...
CVE-2019-18419
A cross-site scripting XSS vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...