Lucene search
K

87 matches found

Cvelist
Cvelist
added 2019/09/10 3:15 p.m.24 views

CVE-2019-14722

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...

4.6AI score0.01538EPSS
Exploits1References3
NVD
NVD
added 2019/08/21 7:15 p.m.33 views

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

6.5CVSS6.4AI score0.02218EPSS
Exploits3References4
NVD
NVD
added 2019/08/21 7:15 p.m.30 views

CVE-2019-13599

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times...

5.3CVSS5.3AI score0.03969EPSS
Exploits3References3
NVD
NVD
added 2019/08/21 7:15 p.m.23 views

CVE-2019-13477

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account...

8.8CVSS8.8AI score0.00721EPSS
Exploits3References2
Prion
Prion
added 2019/08/21 7:15 p.m.17 views

Design/Logic Flaw

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times...

5CVSS5.2AI score0.03969EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/08/21 6:55 p.m.54 views

CVE-2019-13477

CWP Control Web Panel version 0.9.8.837 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the Forgot Password feature, enabling an attacker to change the root password. Root cause: CSRF in the forgot-password flow exposes account password changes to unauthorized requests. Impact...

8.8CVSS8.7AI score0.00721EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2019/08/21 6:51 p.m.35 views

CVE-2019-13599

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times...

5.3AI score0.03969EPSS
Exploits3References3
CVE
CVE
added 2019/08/21 6:51 p.m.53 views

CVE-2019-13599

CVE-2019-13599 affects CentOS Web Panel (CWP) 0.9.8.848, where the login process can be used to determine if a username is valid by comparing response times, creating a user-enumeration timing side-channel. The vulnerability is documented across multiple sources (NVD, Red Hat, CNVD, PRION, etc.) ...

5.3CVSS5.2AI score0.03969EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2019/08/21 6:41 p.m.49 views

CVE-2019-14245

CVE-2019-14245 affects CentOS Web Panel 0.9.8.851. The issue is an insecure object reference in the MySQL management flow that allows an attacker with an account to delete arbitrary databases (e.g., oauthv2) on the server. Root cause: insufficient access control for database-management actions. I...

6.5CVSS6.4AI score0.01858EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2019/08/21 6:38 p.m.30 views

CVE-2019-14246

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords of any user in /etc/passwd via an attacker account...

6.5AI score0.02218EPSS
Exploits3References4
0day.today
0day.today
added 2019/08/21 12:0 a.m.44 views

CentOS Control Web Panel (CWP) 0.9.8.848 User Enumeration Vulnerability

Exploit for linux platform in category web applications Exploit Title : CWP CentOS Control Web Panel User enumerate through HTTP response time Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not...

5CVSS5.4AI score0.03969EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/20 12:0 a.m.153 views

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.848 User Enumeration

Exploit Title : CWP CentOS Control Web Panel User enumerate through HTTP response time Date : 15 Jul 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for...

5CVSS0.03969EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/20 12:0 a.m.159 views

CentOS-WebPanel.com Control Web Panel (CWP) 0.9.8.851 Arbitrary Database Drop

Exploit Title : CWP CentOS Control Web Panel Arbitrary database dropping Date : 24 Jul 2019 Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only available for lastest versi...

5.5CVSS0.1AI score0.01858EPSS
Exploits3
0day.today
0day.today
added 2019/08/13 12:0 a.m.25 views

Agent Tesla Botnet - Arbitrary Code Execution Exploit

Agent Tesla Botnet - Arbitrary Code Execution import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/13 12:0 a.m.108 views

Agent Tesla Botnet - Arbitrary Code Execution

import requests import argparse import base64 Agent Tesla C2 RCE by prsecurity For research purposes only. Don't pwn what you don't own. def getargs: parser = argparse.ArgumentParser prog="agentteslasploit.py", formatterclass=lambda prog: argparse.HelpFormatterprog, maxhelpposition=50, epilog= ''...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2019/08/05 12:0 a.m.106 views

CentOS-WebPanel.com Control Web Panel 0.9.8.846 Cross Site Scripting

Exploit Title: CWP CentOS Control Web Panel Reflected Cross Site Scripting Date: 23 July 2019 Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/ Version: 0.9.8.846 Tested on: CentOS 7.6.1810 Core FireFox 68.0.1 64-bit C...

4.3CVSS0.2AI score0.02176EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/08/05 12:0 a.m.101 views

CentOS-WebPanel.com Control Web Panel 0.9.8.840 User Enumeration

Exploit Title: CWP CentOS Control Web Panel User Enumeration Date: 23 July 2019 Exploit Author: Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage: https://control-webpanel.com/ Version: 0.9.8.836 to 0.9.8.840 Tested on: CentOS 7.6.1810 Core CVE : CVE-2019-13385...

4CVSS0.2AI score0.02031EPSS
Exploits3
NVD
NVD
added 2019/07/26 1:15 p.m.37 views

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

8.8CVSS8.7AI score0.02805EPSS
Exploits3References3
NVD
NVD
added 2019/07/26 1:15 p.m.40 views

CVE-2019-13385

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log...

4.3CVSS4.6AI score0.02031EPSS
Exploits3References3
Prion
Prion
added 2019/07/26 1:15 p.m.17 views

Privilege escalation

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

6.5CVSS8.6AI score0.02805EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder