CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI. VestaCP versions 0.9.8-22 and below suffer from multiple cross site scripting vulnerabilities.
• http://packetstormsecurity.com/files/149897/VestaCP-0.9.8-22-Cross-Site-Scripting.html
• https://numanozdemir.com/vesta-vulns.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php.
• https://github.com/serghey-rodin/vesta/issues/1558
• https://medium.com/%40ndrbasi/cve-2018-10686-vestacp-rce-d96d95c2bde2
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

Vesta Control Panel before 0.9.8-14 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the backup parameter to list/backup/index.php. Vesta Control Panel version 0.9.8 suffers from an OS command injection vulnerability.
• https://www.exploit-db.com/exploits/37369
• http://vestacp.com/roadmap/#history
• https://www.htbridge.com/advisory/HTB23261
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 2

The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.
• https://www.exploit-db.com/exploits/20238
• http://www.securityfocus.com/archive/1/84766
• http://www.securityfocus.com/bid/1710
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5284