Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

narin boonwasanarak vulnerabilities and exploits

(subscribe to this query)
5.3
CVSSv3

CVE-2019-13383

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows malicious users to check whether a username is valid by reading the HTTP response.
Control-webpanel Webpanel 0.9.8.836
7.5
CVSSv3

CVE-2019-13359

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
4.6
CVSSv3

CVE-2019-16295

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
Control-webpanel Webpanel 0.9.8.855
6.5
CVSSv3

CVE-2019-14721

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3

CVE-2019-14722

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete an e-mail forwarding destination from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3

CVE-2019-14723

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a victim's e-mail account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
7.5
CVSSv3

CVE-2019-14724

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to edit an e-mail forwarding destination of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
5.4
CVSSv3

CVE-2019-14726

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to access and delete DNS records of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3

CVE-2019-14727

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to change the e-mail password of a victim account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4.3
CVSSv3

CVE-2019-14729

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a sub-domain from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29824CVE-2024-30095CVE-2024-30104client sideCVE-2024-5840CVE-2024-34405unprivilegedwirelessCVE-2024-4577
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook