Vulmon
cyberpower powerpanel vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-25131
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and previous versions, PowerPanel Business Management for Windows v4.8.6 and previous versions, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and previous versions, PowerPanel B...
Cyberpower Powerpanel
9.8
CVSSv3
CVE-2023-25132
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and previous versions, PowerPanel Business Management for Windows v4.8.6 and previous versions, PowerPanel Business Local/Remote for Linux 32bi...
Cyberpower Powerpanel
9.8
CVSSv3
CVE-2023-25133
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and previous versions, PowerPanel Business Management for Windows v4.8.6 and previous versions, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and previ...
Cyberpower Powerpanel
9.8
CVSSv3
CVE-2023-3266
A non-feature complete authentication mechanism exists in the production application allowing a malicious user to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPan...
Cyberpower Powerpanel Server
8.8
CVSSv3
CVE-2023-3267
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitra...
Cyberpower Powerpanel Server
9.8
CVSSv3
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing a malicious user to log in to the application with the default user "cyberpower" by appending a non-printable character. An unauthenti...
Cyberpower Powerpanel Server
5.4
CVSSv3
CVE-2019-13070
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged malicious user to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the em...
Cyberpowersystems Powerpanel 3.4.0
8.8
CVSSv3
CVE-2019-13071
CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a malicious user to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker-controlled web page.
Cyberpowersystems Powerpanel 3.4.0
NA
CVE-2024-33615
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow a malicious user to achieve remote code execution.
NA
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.