Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centos vulnerabilities and exploits
(subscribe to this query)
1.9
CVSSv2
CVE-2019-16295
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename within a directory visited by the victim.
Control-webpanel Webpanel 0.9.8.855
10
CVSSv2
CVE-2019-16662
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
2 EDB exploits
4 Github repositories
9
CVSSv2
CVE-2019-16663
An issue exists in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Rconfig Rconfig 3.9.2
3 Github repositories
5
CVSSv2
CVE-2019-14724
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to edit an e-mail forwarding destination of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14725
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to change the e-mail usage value of a victim account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
5.5
CVSSv2
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to remove a target user from phpMyAdmin via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14722
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete an e-mail forwarding destination from a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to delete a victim's e-mail account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
6.5
CVSSv2
CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to access and delete DNS records of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
4
CVSSv2
CVE-2019-14728
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to add an e-mail forwarding destination to a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »