Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.
00cb85e5ab25f2d5091aa8c72d9d5252d08919dce9dbd37743bea7469e5dbc51Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.
698ef6e35dc8ca09f1857de4c6b56f25be500ed741ecd49ee2cd7f5d8dbf30efWordPress MasterStudy LMS plugin version 2.7.5 suffers from a missing access control allowing an unauthenticated party the ability to create an administrative account.
a3a490fa31272315dc3b33abac3a970e548d08d2ce2376d9748f5e401a62604fUsermin version 1.820 authenticated remote code execution exploit.
1269514ec09dd065b78ba3dc999b0430fa4c0a9cedd960a589ba52d447a070a5ZesleCP version 3.1.9 authenticated remote code execution exploit.
13dc036088e14a3dceb02f4bb93c56fa35609cd89f5f254b27c676047a24cb78CyberPanel version 2.1 authenticated remote code execution exploit.
09cef76696c3f322663bcaedb3554377b61ecaadf24c49140593ee2a871b9d80VestaCP version 0.9.8 suffers from a command injection vulnerability.
938b6d6c27f61c9809c0637869f486e2fe7cb522a5ec286367a8f2f9bb53eebbHestia Control Panel version 1.3.2 suffers from an arbitrary file write vulnerability.
8b07c29d22da704987a057fc57eda3059e580a1bc74f3d39dc736521084796f9VestaCP version 0.9.8 suffers from a persistent cross site scripting vulnerability. Original discovery of persistent cross site scripting was discovered in this version in February of 2016 by Necmettin COSKUN.
936b7288bed9dcf93c8a516f91cad5a07fbe2daf994ea79501c73aef2e6153aaYetiShare File Hosting Script version 5.1.0 suffers from a server-side request forgery vulnerability.
267963706eb600892bf78eae10349bea0978bddee0ad4d5e7923f6769861288dThis Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in the security vulnerability.
fd9d232691fc54e620006cc480b1bc31a3d0a9f3015b5ff23f6b2af4b02b0a6eNVMS-1000 suffers from a directory traversal vulnerability.
f1c11abd36b12a347c4f48a04a3556a2af087fcd5951ff65d04144b4ddf23398Bullwark Momentum Series JAWS version 1.0 suffers from a directory traversal vulnerability.
812ea067f8411484fcca9fa042d4db7bb3aaad1b2fbd3bcfba9f99c82a72d77eCrystal Live HTTP Server version 6.01 suffers from a directory traversal vulnerability.
a2124740820c2e0d6ff88759285feeb95e3df9273457fcc5ae7c11f03c6e5dd1gSOAP version 2.8 suffers from a directory traversal vulnerability.
10e3f480d11820c7ca0b9b68a2bc1ee47cdcfadb6e020a9d09309e174ef9005dInterspire Email Marketer version 6.20 suffers from a remote code execution vulnerability in surveys_submit.php.
45d131e6a2425bb502f4a5d754152dd1a73aa4d4cac8f190794723acfe99d49eThis Metasploit module exploits a vulnerability in the web application of NUUO NVRmini IP camera, which can be done by triggering the writeuploaddir command in the upgrade_handle.php file.
0e6d6f16b31358d1595593354838281181d64f454a338a4ce6a5d4c2cc1f34b3Zyxel VMG1312-B10D 5.13AAXA.8 suffers from a directory traversal vulnerability.
60c8e9a5e09699dcc7795a645cfb7557da62d34304af0a5f585f8638ad3a1365ZyXEL VMG3312-B10B versions prior to 1.00 (AAPP.7) suffer from a credential disclosure vulnerability.
043dd9f6802d82984a7afef78cd5da2562fb13860ca43e1bd31ad2d12e9cdc30
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed