Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AgentejoCockpit

4 matches found

CVE
CVEadded 2018/04/10 3:29 p.m.55 views

CVE-2017-14611

SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.

9.1CVSS9AI score0.0038EPSS
CVE
CVEadded 2018/10/15 7:29 p.m.46 views

CVE-2018-15540

Agentejo Cockpit performs actions on files without appropriate validation and therefore allows an attacker to traverse the file system to unintended locations and/or access arbitrary files, aka /media/api Directory Traversal.

9.8CVSS9.3AI score0.00445EPSS
CVE
CVEadded 2018/10/15 7:29 p.m.33 views

CVE-2018-15539

Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc.

8.8CVSS8.5AI score0.00197EPSS
CVE
CVEadded 2018/10/15 7:29 p.m.32 views

CVE-2018-15538

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities.

6.1CVSS6.2AI score0.00328EPSS