unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
增加标签
Tags (allow clear + 0 threshold)
Choose a tag...
Please select a valid tag.
Live-Hack-CVE/CVE-2020-15434
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate CVE project by @Sn0wAlice
Create: 2023-01-25 03:51:05 +0000 UTC Push: 2023-01-25 03:51:07 +0000 UTC |
Live-Hack-CVE/CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account. CVE project by @Sn0wAlice
Create: 2023-01-25 03:51:01 +0000 UTC Push: 2023-01-25 03:51:03 +0000 UTC |
Live-Hack-CVE/CVE-2018-18774
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:58 +0000 UTC Push: 2023-01-25 03:51:00 +0000 UTC |
Live-Hack-CVE/CVE-2020-15616
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the package parameter, the process does not pro CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:54 +0000 UTC Push: 2023-01-25 03:50:56 +0000 UTC |
Live-Hack-CVE/CVE-2019-14729
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:50 +0000 UTC Push: 2023-01-25 03:50:53 +0000 UTC |
Live-Hack-CVE/CVE-2020-15435
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:47 +0000 UTC Push: 2023-01-25 03:50:49 +0000 UTC |
Live-Hack-CVE/CVE-2020-15624
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_new_account.php. When parsing the domain parameter, the process does not proper CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:43 +0000 UTC Push: 2023-01-25 03:50:45 +0000 UTC |
Live-Hack-CVE/CVE-2020-15620
This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the id parameter, the process does not properly CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:40 +0000 UTC Push: 2023-01-25 03:50:42 +0000 UTC |
Live-Hack-CVE/CVE-2019-13359
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:35 +0000 UTC Push: 2023-01-25 03:50:38 +0000 UTC |
Live-Hack-CVE/CVE-2020-15422
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When parsing the archivo parameter, the process does not properly val CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:32 +0000 UTC Push: 2023-01-25 03:50:34 +0000 UTC |
Live-Hack-CVE/CVE-2020-15429
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a us CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:28 +0000 UTC Push: 2023-01-25 03:50:30 +0000 UTC |
Live-Hack-CVE/CVE-2020-15612
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_ftp_manager.php. When parsing the userLogin parameter, the process does not properly va CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:24 +0000 UTC Push: 2023-01-25 03:50:27 +0000 UTC |
Live-Hack-CVE/CVE-2019-15235
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/[USERNAME]/tmp/session/sess_xxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/access_log, then use them to gain access to the victim's password (for the OS and phpMyAdmin) via an att CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:21 +0000 UTC Push: 2023-01-25 03:50:23 +0000 UTC |
Live-Hack-CVE/CVE-2018-18322
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:17 +0000 UTC Push: 2023-01-25 03:50:20 +0000 UTC |
Live-Hack-CVE/CVE-2018-5961
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:13 +0000 UTC Push: 2023-01-25 03:50:15 +0000 UTC |
Live-Hack-CVE/CVE-2018-18772
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:09 +0000 UTC Push: 2023-01-25 03:50:12 +0000 UTC |
Live-Hack-CVE/CVE-2019-7646
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:05 +0000 UTC Push: 2023-01-25 03:50:08 +0000 UTC |
Live-Hack-CVE/CVE-2018-5962
index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. CVE project by @Sn0wAlice
Create: 2023-01-25 03:50:02 +0000 UTC Push: 2023-01-25 03:50:04 +0000 UTC |
Live-Hack-CVE/CVE-2021-31324
The unprivileged user portal part of CentOS Web Panel is affected by a Command Injection vulnerability leading to root Remote Code Execution. CVE project by @Sn0wAlice
Create: 2023-01-25 03:49:58 +0000 UTC Push: 2023-01-25 03:50:00 +0000 UTC |
Live-Hack-CVE/CVE-2021-31316
The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession' HTTP POST parameter. CVE project by @Sn0wAlice
Create: 2023-01-25 03:49:55 +0000 UTC Push: 2023-01-25 03:49:57 +0000 UTC |
Previous
467
468
469
470
471
472
473
474
Next