87 matches found
CentOS Web Panel - SQL Injection
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. id: CVE-2021-31316 info: name: CentOS Web Panel - SQL Injection author: ritikchaddha severity: critical description: | The unprivileged user portal part of CentOS Web Pane...
Centos Web Panel 0.9.8.480 - Local File Inclusion
Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. id: CVE-2018-18323 info: name: Centos Web Panel 0.9.8.480 - Local File Inclusion author:...
CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution
CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...
wiki.centos-webpanel.com Cross Site Scripting vulnerability OBB-3280164
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cpanel.centos-webpanel.centos-webpanel.com Cross Site Scripting vulnerability OBB-3279724
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mail.store.centos-webpanel.com Cross Site Scripting vulnerability OBB-3279727
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
forum.centos-webpanel.com Cross Site Scripting vulnerability OBB-3279725
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
centos-webpanel.centos-webpanel.com Cross Site Scripting vulnerability OBB-3279719
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
centos-webpanel.com Cross Site Scripting vulnerability OBB-3277100
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Paradox Security Systems IPR512 - Denial Of Service Exploit
!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...
Exploit for OS Command Injection in Control-Webpanel Webpanel
Docs Paper : https://docs.google.com/document/d/1rQ7e9i2AFzHbASf...
Control WebPanel / CentOS WebPanel (CWP) Detection Consolidation
Consolidation of Control WebPanel / CentOS WebPanel CWP detections. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"...
CosaNostra Builder WebPanel Insecure Cryptographic Storage
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Insecure Crypto Description: The password for the panel ...
CosaNostra Builder WebPanel Cross Site Request Forgery Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83C.txt Contact: email protected Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Cross Site Request Forgery CSRF Description: The Panel does...
CosaNostra Builder WebPanel Cross Site Request Forgery
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83C.txt Contact: [email protected] Media: twitter.com/malvuln Threat: CosaNostra Builder WebPanel Vulnerability: Cross Site Request Forgery CSRF Description: The Panel...
CosaNostra Builder WebPanel Insecure Cryptographic Storage Vulnerability
CosaNostra Builder WebPanel malware only uses straight MD5 to store passwords without any salt. Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/61285c988de52b7c067fb2e703f2ab83B.txt Contact: email protected Media: twitter.com/malvuln Threat:...
Rafel-Rat - Android Rat Written In Java With WebPanel For Controlling Victims
Rafel is RemoteAccess Tool Used to Control Victims Using WebPanel With More Advance Features. Main Features Admin Permission Add App To White List Looks Like Browser Runs In Background Even App is ClosedMay not work on some Devices Accessibility Feature Support Android v5 - v10 No Port Forwarding...
Control WebPanel / CentOS WebPanel (CWP) Detection (HTTP)
HTTP based detection of the Control WebPanel / CentOS WebPanel CWP. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Sql injection
CentOS-WebPanel.com aka CWP CentOS Web Panel for CentOS 6 and 7 allows SQL Injection via the /cwpSESSIONHASH/admin/loaderajax.php term parameter...
CVE-2020-10230
CentOS-WebPanel.com aka CWP CentOS Web Panel for CentOS 6 and 7 allows SQL Injection via the /cwpSESSIONHASH/admin/loaderajax.php term parameter...