InfinitumIT

6 exploits Active since Nov 2018
CVE-2019-12095 EXPLOITDB HIGH text WORKING POC
Horde Trean <5.2.22 - CSRF
Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload.
CVSS 8.8
CVE-2019-12094 EXPLOITDB MEDIUM text WORKING POC
Horde Groupware Webmail Edition <5.2.22 - XSS
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
CVSS 6.1
CVE-2018-18773 EXPLOITDB HIGH text WORKING POC
Webpanel < 0.9.8.740 - CSRF
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=rootpwd, as demonstrated by changing the root password.
CVSS 8.8
CVE-2018-18772 EXPLOITDB HIGH text WORKING POC
Webpanel < 0.9.8.740 - CSRF
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows CSRF via admin/index.php?module=send_ssh, as demonstrated by executing an arbitrary OS command.
CVSS 8.8
CVE-2019-11193 EXPLOITDB MEDIUM text WORKING POC
Directadmin < 1.561 - CSRF
The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel.
CVSS 6.1
CVE-2018-18774 EXPLOITDB MEDIUM text WORKING POC
Webpanel < 0.9.8.740 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter.
CVSS 6.1