1147 matches found
Control Web Panel /admin/index.php Unauthenticated RCE
Control Web Panel CWP versions use exploit/linux/http/controlwebpanelapicmdexec msf exploitcontrolwebpanelapicmdexec show targets ...targets... msf exploitcontrolwebpanelapicmdexec set TARGET msf exploitcontrolwebpanelapicmdexec show options ...show and set options... msf...
📄 Control Web Panel 0.9.8.1208 Remote Code Execution
Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be...
CVE-2019-11196
An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System IUMS allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel TWP User ID or Password field. If exploited, the attackers could perform any action...
CVE-2020-10230
CentOS-WebPanel.com aka CWP CentOS Web Panel for CentOS 6 and 7 allows SQL Injection via the /cwpSESSIONHASH/admin/loaderajax.php term parameter...
CVE-2019-12190
XSS was discovered in CentOS-WebPanel.com aka CWP CentOS Web Panel through 0.9.8.747 via the testacc/fileManager2.php fmcurrentdir or filename parameter...
CVE-2018-25138
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
CVE-2018-25138
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
CVE-2018-25138 FLIR AX8 Thermal Camera 1.32.16 Hard-Coded Credentials Authentication Bypass
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
CVE-2018-25138
CVE-2018-25138 affects FLIR AX8 Thermal Camera firmware 1.32.16. The issue is hard-coded SSH and web panel credentials that cannot be changed via normal camera operations, enabling an unauthenticated attacker to gain shell access and log in to multiple interfaces using predefined credentials. Imp...
FLIR AX8 Thermal Camera 安全漏洞
FLIR AX8 Thermal Camera is a monitoring thermal imaging sensor from FLIR, Inc. A security vulnerability exists in the FLIR AX8 Thermal Camera version 1.32.16, which stems from the presence of hard-coded SSH and web panel credentials that could lead to unauthorized access...
PT-2025-53358
FLIR AX8 Thermal Camera 1.32.16 contains hard-coded SSH and web panel credentials that cannot be changed through normal camera operations. Attackers can exploit these persistent credentials to gain unauthorized shell access and login to multiple camera interfaces using predefined username and...
📄 Control Web Panel 0.9.8.1208 Command Injection
Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added two security flaws impacting Gladinet and Control Web Panel CWP to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below ...
Linanto Control Web Panel (CWP) < 0.9.8.1205 Command Injection (CVE-2025-48703)
The version of Linanto Control Web Panel CWP, a web based control panel application, installed on the remote host is prior to 0.9.8.1205. It is, therefore, affected by a remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. Note that Nessus ha...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2025-11371link is external Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability CVE-2025-48703link is external CWP...
CWP Control Web Panel OS Command Injection Vulnerability
CWP Control Web Panel formerly CentOS Web Panel contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
PT-2025-45417
Name of the Vulnerable Software and Affected Versions macOS versions prior to 26.1 Description A denial-of-service issue exists due to insufficient input validation. Visiting a website may cause an application to become unresponsive. Recommendations Update to macOS version 26.1...
CVE-2025-62797 CSRF in FluxCP account endpoints allows account takeover / state-changing actions
FluxCP is a web-based Control Panel for rAthena servers written in PHP. A critical Cross-Site Request Forgery CSRF vulnerability exists in the FluxCP-based website template used by multiple rAthena/Ragnarok servers. State-changing POST endpoints accept browser-initiated requests that are authoriz...
EUVD-2020-7422
Malware in sbrugna...
EUVD-2020-7612
Malware in sbrugna...