Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web panel vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-15612
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLog...
Control-webpanel Webpanel 0.9.8.923
9.8
CVSSv3
CVE-2020-15613
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_admin_apis.php. When parsing the line par...
Control-webpanel Webpanel 0.9.8.923
9.8
CVSSv3
CVE-2020-15614
This vulnerability allows remote malicious users to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the cha parame...
Control-webpanel Webpanel 0.9.8.923
9.8
CVSSv3
CVE-2020-11966
In IQrouter up to and including 3.3.1, the Lua function reset_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced i...
Evenroute Iqrouter Firmware
9.8
CVSSv3
CVE-2020-11963
IQrouter up to and including 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating t...
Evenroute Iqrouter Firmware
9.8
CVSSv3
CVE-2020-10230
CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cwp_{SESSION_HASH}/admin/loader_ajax.php term parameter.
Control-webpanel Webpanel -
9.8
CVSSv3
CVE-2014-9614
The Web Panel in Netsweeper prior to 4.0.5 has a default password of branding for the branding account, which makes it easier for remote malicious users to obtain access via a request to webadmin/.
Netsweeper Netsweeper
9.8
CVSSv3
CVE-2019-18418
clonos.php in ClonOS WEB control panel 19.09 allows remote malicious users to gain full access via change password requests because there is no session management.
Clonos Clonos 19.09
1 EDB exploit
9.8
CVSSv3
CVE-2019-15571
The WEB control panel prior to 2019-04-30 for ClonOS allows SQL injection in clonos.php.
Clonos Project Clonos
9.8
CVSSv3
CVE-2019-13360
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
Control-webpanel Webpanel 0.9.8.836
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »