Jaap Marcus - Security Researcher - Exploit Intelligence Platform

CVE-2021-30070 WRITEUP HIGH WRITEUP

HestiaCP < 1.3.5 - Arbitrary Package Installation via pkg[] Parameter

An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.

CVSS 7.5

View Code

CVE-2021-3797 WRITEUP CRITICAL WRITEUP

hestiacp - Use of Wrong Operator in String Comparison

hestiacp is vulnerable to Use of Wrong Operator in String Comparison

CVSS 9.8

View Code

CVE-2022-0752 WRITEUP MEDIUM WRITEUP

GitHub hestiacp/hestiacp <1.5.9 - XSS

Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9.

CVSS 6.1

View Code

CVE-2022-0753 WRITEUP MEDIUM WRITEUP

GitHub hestiacp/hestiacp <1.5.9 - XSS

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9.

CVSS 6.1

View Code

CVE-2022-0838 WRITEUP MEDIUM WRITEUP

hestiacp control_panel < 1.5.10 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10.

CVSS 6.1

View Code

CVE-2022-0986 WRITEUP MEDIUM WRITEUP

hestiacp control_panel < 1.5.11 - Reflected Cross-Site Scripting

Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.

CVSS 6.1

View Code

CVE-2022-2626 WRITEUP HIGH WRITEUP

GitHub hestiacp/hestiacp <1.6.6 - Privilege Escalation

Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6.

CVSS 7.2

View Code

CVE-2022-2636 WRITEUP HIGH WRITEUP

GitHub hestiacp/hestiacp <1.6.6 - Code Injection

Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.

CVSS 8.5

View Code

CVE-2023-3479 WRITEUP MEDIUM WRITEUP

hestiacp control_panel < 1.7.8 - Reflected Cross-Site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.

CVSS 6.1

View Code

CVE-2023-3490 WRITEUP CRITICAL WRITEUP

fossbilling < 0.5.3 - SQL Injection

SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CVSS 9.8

View Code

CVE-2023-3491 WRITEUP HIGH WRITEUP

fossbilling < 0.5.3 - Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CVSS 8.8

View Code

CVE-2023-4517 WRITEUP MEDIUM WRITEUP

GitHub hestiacp/hestiacp <1.8.6 - XSS

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.

CVSS 5.4

View Code

CVE-2023-5839 WRITEUP HIGH WRITEUP

hestiacp/hestiacp <1.8.9 - Privilege Escalation

Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8.9.

CVSS 7.8

View Code