Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2016-10043
An issue exists in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi exists to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the applicatio...
Mrf Web Panel 9.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2023-26511
A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote malicious users to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system.
Propius Machineselector 6.6.1
Propius Machineselector 6.6.0
9.8
CVSSv3
CVE-2022-45138
The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated malicious user to read and set several device parameters that can lead to full ...
Wago 751-9301 Firmware
Wago 751-9301 Firmware 22
Wago 751-9301 Firmware 23
Wago 752-8303/8000-002 Firmware
Wago 752-8303/8000-002 Firmware 22
Wago 752-8303/8000-002 Firmware 23
Wago Pfc100 Firmware
Wago Pfc100 Firmware 22
Wago Pfc100 Firmware 23
Wago Pfc200 Firmware
Wago Pfc200 Firmware 22
Wago Pfc200 Firmware 23
Wago Touch Panel 600 Advanced Firmware
Wago Touch Panel 600 Advanced Firmware 22
Wago Touch Panel 600 Advanced Firmware 23
Wago Touch Panel 600 Marine Firmware
Wago Touch Panel 600 Marine Firmware 22
Wago Touch Panel 600 Marine Firmware 23
Wago Touch Panel 600 Standard Firmware
Wago Touch Panel 600 Standard Firmware 22
Wago Touch Panel 600 Standard Firmware 23
9.8
CVSSv3
CVE-2022-47767
A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included).
Solar-log Solar-log 250 Firmware
Solar-log Solar-log 300 Firmware
Solar-log Solar-log 500 Firmware
Solar-log Solar-log 800e Firmware
Solar-log Solar-log 1000 Firmware
Solar-log Solar-log 1000 Pm+ Firmware
Solar-log Solar-log 1200 Firmware
Solar-log Solar-log 2000 Firmware
Solar-log Solar-log 50 Firmware
9.8
CVSSv3
CVE-2022-44877
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 prior to 0.9.8.1147 allows remote malicious users to execute arbitrary OS commands via shell metacharacters in the login parameter.
Control-webpanel Webpanel
5 Github repositories
9.8
CVSSv3
CVE-2021-45466
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Control-webpanel Webpanel
9.8
CVSSv3
CVE-2021-45467
In CWP (aka Control Web Panel or CentOS Web Panel) prior to 0.9.8.1107, an unauthenticated attacker can use %00 bytes to cause /user/loader.php to register an arbitrary API key, as demonstrated by a /user/loader.php?api=1&scripts= .%00./.%00./api/account_new_create&acc=gu...
Control-webpanel Webpanel
9.8
CVSSv3
CVE-2022-46882
A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
9.8
CVSSv3
CVE-2022-36784
Elsight – Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution.
Elsight Halo Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »