Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

pongtorn angsuchotmetee vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2019-13360
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
Control-webpanel Webpanel 0.9.8.836
8.8
CVSSv3
CVE-2019-13605
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is diffe...
Control-webpanel Webpanel 0.9.8.836
9.8
CVSSv3
CVE-2018-20526
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
Roxyfileman Roxy Fileman 1.4.5
9.1
CVSSv3
CVE-2018-20525
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
Roxyfileman Roxy Fileman 1.4.5
7.5
CVSSv3
CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
Control-webpanel Webpanel 0.9.8.836
5.3
CVSSv3
CVE-2019-13383
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows malicious users to check whether a username is valid by reading the HTTP response.
Control-webpanel Webpanel 0.9.8.836
5.4
CVSSv3
CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an malicious user to access and delete DNS records of a victim's account via an attacker account.
Control-webpanel Webpanel 0.9.8.851
6.5
CVSSv3
CVE-2019-14782
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.856 up to and including 0.9.8.864 allows an malicious user to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to make a requ...
Control-webpanel Webpanel
4.3
CVSSv3
CVE-2019-13385
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows malicious users to enumerate users and check for active users of the application by reading /tmp/login.log.
Control-webpanel Webpanel 0.9.8.840
8.8
CVSSv3
CVE-2019-13386
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows malicious users to execute a shell command, i.e., obtain a reverse shell with user privilege.
Centos-webpanel Centos Web Panel 0.9.8.846
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook