Vulmon
web panel vulnerabilities and exploits
6.8
CVSSv2
CVE-2021-24814
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin prior to 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escape...
Welaunch Wordpress Gdpr&ccpa
6.8
CVSSv2
CVE-2021-41083
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This incl...
Dadamailproject Dada Mail
6.8
CVSSv2
CVE-2021-28379
web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) up to and including 0.9.8-27 and myVesta up to and including 0.9.8-26-39 allows uploads from a different origin.
Myvestacp Myvesta
Vestacp Vesta Control Panel
6.8
CVSSv2
CVE-2020-35223
The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests.
Netgear Gs116e Firmware 2.6.0.43
Netgear Jgs516pe Firmware 2.6.0.43
6.8
CVSSv2
CVE-2020-13620
Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.
Fastweb Fastgate Gpon Fga2130fwb Firmware
6.8
CVSSv2
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES (ERES) v7.0 update 7 allows remote malicious users to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their re...
Quadbase Espressreport Enterprise Server 7.0
6.8
CVSSv2
CVE-2018-13814
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All version...
Siemens Simatic Hmi Comfort Panels Firmware
Siemens Simatic Hmi Comfort Outdoor Panels Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware
Siemens Simatic Wincc (tia Portal)
Siemens Simatic Wincc Runtime
Siemens Simatic Hmi Tp Firmware
Siemens Simatic Hmi Mp Firmware
Siemens Simatic Hmi Op Firmware
6.8
CVSSv2
CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
Control-webpanel Webpanel
1 EDB exploit
6.8
CVSSv2
CVE-2018-18773
CentOS-WebPanel.com (aka CWP) CentOS Web Panel up to and including 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
Control-webpanel Webpanel
1 EDB exploit
6.8
CVSSv2
CVE-2018-9281
An issue exists on Eaton UPS 9PX 8000 SP devices. The administration panel is vulnerable to a CSRF attack on the change-password functionality. This vulnerability could be used to force a logged-in administrator to perform a silent password update. The affected forms are also vul...
Eaton 9px Ups Firmware -