Lucene search
K

1147 matches found

Metasploit
Metasploit
added 2026/01/14 6:54 p.m.410 views

Control Web Panel /admin/index.php Unauthenticated RCE

Control Web Panel CWP versions use exploit/linux/http/controlwebpanelapicmdexec msf exploitcontrolwebpanelapicmdexec show targets ...targets... msf exploitcontrolwebpanelapicmdexec set TARGET msf exploitcontrolwebpanelapicmdexec show options ...show and set options... msf...

7.3CVSS6AI score0.01186EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/01/14 12:0 a.m.186 views

📄 Control Web Panel 0.9.8.1208 Remote Code Execution

Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be...

8.1AI score0.01186EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.7 views

CVE-2019-11196

An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System IUMS allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel TWP User ID or Password field. If exploited, the attackers could perform any action...

10CVSS7.5AI score0.06273EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.6 views

CVE-2020-10230

CentOS-WebPanel.com aka CWP CentOS Web Panel for CentOS 6 and 7 allows SQL Injection via the /cwpSESSIONHASH/admin/loaderajax.php term parameter...

9.8CVSS8.2AI score0.14668EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:28 a.m.8 views

CVE-2019-12190

XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...

5.4CVSS6.1AI score0.05323EPSS
Exploits1References1
NVD
NVD
added 2025/12/24 8:15 p.m.8 views

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.8CVSS0.00523EPSS
Exploits2References3
OSV
OSV
added 2025/12/24 8:15 p.m.5 views

CVE-2018-25138

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.8CVSS5.8AI score0.00523EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/12/24 7:27 p.m.3 views

CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.8CVSS7.4AI score0.00523EPSS
Exploits2References3
CVE
CVE
added 2025/12/24 7:27 p.m.16 views

CVE-2018-25138

CVE-2018-25138 affects FLIR AX8 Thermal Camera firmware 1.32.16. The issue is hard-coded SSH and web panel credentials that cannot be changed via normal camera operations, enabling an unauthenticated attacker to gain shell access and log in to multiple interfaces using predefined credentials. Imp...

9.8CVSS7.4AI score0.00523EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2025/12/24 12:0 a.m.6 views

FLIR AX8 Thermal Camera 安全漏洞

FLIR AX8 Thermal Camera is a monitoring thermal imaging sensor from FLIR, Inc. A security vulnerability exists in the FLIR AX8 Thermal Camera version 1.32.16, which stems from the presence of hard-coded SSH and web panel credentials that could lead to unauthorized access...

9.8CVSS6.7AI score0.00523EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.12 views

PT-2025-53358

FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...

9.3CVSS7.8AI score0.00523EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2025/12/16 12:0 a.m.210 views

📄 Control Web Panel 0.9.8.1208 Command Injection

Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...

7.8AI score0.01186EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/11/05 6:12 a.m.10 views

CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting Gladinet and Control Web Panel CWP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below ...

9.8CVSS8.9AI score0.99589EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.7 views

Linanto Control Web Panel (CWP) < 0.9.8.1205 Command Injection (CVE-2025-48703)

The version of Linanto Control Web Panel CWP, a web based control panel application, installed on the remote host is prior to 0.9.8.1205. It is, therefore, affected by a remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. Note that Nessus ha...

9CVSS8.6AI score0.99589EPSS
Exploits3References2
CISA
CISA
added 2025/11/04 12:0 p.m.10 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11371link is external Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703link is external CWP...

9CVSS7.2AI score0.99589EPSS
In wildExploits7References7
CISA KEV Catalog
CISA KEV Catalog
added 2025/11/04 12:0 a.m.14 views

CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel formerly CentOS Web Panel contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...

9CVSS8.2AI score0.99589EPSS
In wildExploits3
Positive Technologies
Positive Technologies
added 2025/11/03 12:0 a.m.15 views

PT-2025-45417

Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.1 Description A denial-of-service issue exists due to insufficient input validation. Visiting a website may cause an application to become unresponsive. Recommendations Update to macOS version 26.1...

8.3AI score0.00351EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/29 5:49 p.m.11 views

CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...

8.6CVSS0.00182EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-7422

Malware in sbrugna...

10CVSS9.5AI score0.08411EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-7612

Malware in sbrugna...

7.8CVSS7.6AI score0.0383EPSS
Exploits0References2
Rows per page
Query Builder