Pongtorn Angsuchotmetee

28 exploits, active since Mar 2019
CVE-2019-13360 EXPLOITDB CRITICAL WRITEUP
Webpanel - IDOR
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVSS 9.8
CVE-2019-13360 WRITEUP CRITICAL WRITEUP
Webpanel - IDOR
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.
CVSS 9.8
CVE-2019-13385 WRITEUP MEDIUM WRITEUP
Webpanel - Path Traversal
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.
CVSS 4.3
CVE-2019-13386 WRITEUP HIGH WRITEUP
Centos-webpanel Centos Web Panel - Incorrect Authorization
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.
CVSS 8.8
CVE-2019-13387 WRITEUP MEDIUM WRITEUP
Webpanel - XSS
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected XSS in filemanager2.php (parameter fm_current_dir) allows attackers to steal a cookie or session, or redirect to a phishing website.
CVSS 6.1
CVE-2019-13476 WRITEUP MEDIUM WRITEUP
Webpanel - XSS
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
CVSS 5.4
CVE-2019-13477 WRITEUP HIGH WRITEUP
Webpanel - CSRF
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, CSRF in the forgot password function allows an attacker to change the password for the root account.
CVSS 8.8
CVE-2019-14721 WRITEUP MEDIUM WRITEUP
CentOS Web Panel 0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
CVSS 6.5
CVE-2019-14722 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account.
CVSS 4.3
CVE-2019-14723 WRITEUP MEDIUM WRITEUP
CentOS Web Panel 0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account.
CVSS 4.3
CVE-2019-14724 WRITEUP HIGH WORKING POC
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account.
CVSS 7.5
CVE-2019-14725 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account.
CVSS 4.3
CVE-2019-14726 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim's account via an attacker account.
CVSS 5.4
CVE-2019-14727 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.
CVSS 4.3
CVE-2019-14728 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.
CVSS 4.3
CVE-2019-14729 WRITEUP MEDIUM WRITEUP
CentOS Web Panel <0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim's account via an attacker account.
CVSS 4.3
CVE-2019-14730 WRITEUP MEDIUM WRITEUP
CentOS Web Panel 0.9.8.851 - Info Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a domain from a victim's account via an attacker account.
CVSS 4.3
CVE-2018-20525 EXPLOITDB CRITICAL text WORKING POC
Roxyfileman Roxy Fileman - Path Traversal
Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.
CVSS 9.1
CVE-2019-14737 EXPLOITDB HIGH text WRITEUP
Ubisoft Uplay - Incorrect Default Permissions
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
CVSS 7.8
CVE-2018-20526 EXPLOITDB CRITICAL text WORKING POC
Roxyfileman Roxy Fileman - Unrestricted File Upload
Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.
CVSS 9.8
CVE-2024-53582 EXPLOITDB HIGH text WORKING POC
Openpanel - Path Traversal
An issue found in the Copy and View functions in the File Manager component of OpenPanel v0.3.4 allows attackers to execute a directory traversal via a crafted HTTP request.
CVSS 7.5
CVE-2024-53586 EXPLOITDB MEDIUM text WORKING POC
WebFileSys <2.31.0 - Path Traversal
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing data outside the intended directory.
CVSS 5.3
CVE-2024-53584 EXPLOITDB CRITICAL text WORKING POC
Openpanel - OS Command Injection
OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter.
CVSS 9.8
CVE-2024-53537 EXPLOITDB CRITICAL text WORKING POC
Openpanel < 0.3.4 - Path Traversal
An issue in OpenPanel v0.3.4 to v0.2.1 allows attackers to execute a directory traversal in File Actions of File Manager.
CVSS 9.1