Ajenti

8 matches found

CVE
added 2022/06/09 5:15 p.m., 2007 views

CVE-2019-25066

A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to ...

CVSS 8.8 | AI score 7.7 | EPSS 0.00442

CVE
added 2014/06/18 2:55 p.m., 50 views

CVE-2014-4301

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the tracebac...

CVSS 4.3 | AI score 5.6 | EPSS 0.00367

CVE
added 2018/03/13 9:29 p.m., 39 views

CVE-2018-1000126

Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. This attack appears to be exploitable via network connectivity to the web application.

CVSS 7.5 | AI score 7.4 | EPSS 0.00316

CVE
added 2018/03/13 3:29 p.m., 38 views

CVE-2018-1000081

Ajenti version 2 contains an Input Validation vulnerability in the ID string on the Get-values POST request that can result in server crashing. This attack appears to be exploitable via: an attacker can freeze the server by sending a giant string to the ID parameter ..

CVSS 7.5 | AI score 7.4 | EPSS 0.00334

CVE
added 2018/03/13 3:29 p.m., 38 views

CVE-2018-1000082

Ajenti version 2 contains a Cross-Site Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server that can result in code execution on the server. This attack appears to be exploitable via: being a CSRF, victim interaction is needed, when the vi...

CVSS 8.8 | AI score 9 | EPSS 0.00841

CVE
added 2018/03/13 3:29 p.m., 37 views

CVE-2018-1000080

Ajenti version 2 contains an Insecure Permissions vulnerability in Plugins download that can result in the download of any plugins as a normal user. This attack appears to be exploitable via: by knowing how the requisition is made, and sending it as a normal user, the server, in response...

CVSS 6.5 | AI score 6.4 | EPSS 0.0011

CVE
added 2014/04/30 11:58 p.m., 35 views

CVE-2014-2260

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.

CVSS 3.5 | AI score 5.5 | EPSS 0.00215

CVE
added 2018/03/13 3:29 p.m., 35 views

CVE-2018-1000083

Ajenti version 2 contains an Improper Error Handling vulnerability in the Login JSON request that can result in: the requisition leaks a path of the server. This attack appears to be exploitable via: by sending a malformed JSON, the tool responds with a traceback error that leaks a path of the serv...

CVSS 5.3 | AI score 5.2 | EPSS 0.00264