numan türle

27 exploits Active since Nov 2018
CVE-2022-44877 NOMISEC CRITICAL WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
104 stars
CVSS 9.8
CVE-2022-44877 NOMISEC CRITICAL WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
9 stars
CVSS 9.8
CVE-2022-0441 NOMISEC CRITICAL WORKING POC
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
6 stars
CVSS 9.8
CVE-2019-20085 NOMISEC HIGH WORKING POC
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
6 stars
CVSS 7.5
CVE-2021-47949 EXPLOITDB HIGH python WORKING POC
CyberPanel 2.1 Authenticated Remote Code Execution via Symlink Attack
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and execute arbitrary shell commands through the /websites/fetchFolderDetails endpoint.
CVSS 8.8
CVE-2021-46850 WRITEUP HIGH WRITEUP
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
CVSS 7.2
CVE-2019-25355 EXPLOITDB HIGH text WORKING POC
gSOAP 2.8 - Unauthenticated Path Traversal via HTTP GET Request
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
CVSS 7.5
CVE-2019-25352 EXPLOITDB HIGH text WORKING POC
Crystal Live HTTP Server 6.01 - Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
CVSS 7.5
CVE-2021-46850 EXPLOITDB HIGH text WORKING POC
myVesta Control Panel <0.9.8-26-43 - Command Injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the v_sftp_license parameter when sending HTTP POST requests to the /edit/server endpoint.
CVSS 7.2
CVE-2021-47899 EXPLOITDB MEDIUM text WORKING POC
YetiShare File Hosting Script 5.1.0 - SSRF
YetiShare File Hosting Script 5.1.0 contains a server-side request forgery vulnerability that allows attackers to read local system files through the remote file upload feature. Attackers can exploit the url parameter in the url_upload_handler endpoint to access sensitive files like /etc/passwd by using file:/// protocol.
CVSS 4.0
CVE-2021-47873 EXPLOITDB HIGH text WORKING POC
VestaCP < 0.9.8-25 - Stored Cross-Site Scripting via v_interface Parameter
VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload.
CVSS 7.2
CVE-2021-47871 EXPLOITDB HIGH text WORKING POC
Hestia Control Panel 1.3.2 - File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the server.
CVSS 8.8
CVE-2021-47794 EXPLOITDB HIGH python WORKING POC
ZesleCP < 3.1.9 - Authenticated Remote Code Execution via FTP Account Creation
ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.
CVSS 8.8
CVE-2019-20085 EXPLOITDB HIGH text WORKING POC
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
CVSS 7.5
CVE-2019-25333 EXPLOITDB HIGH text WORKING POC
Bullwark Momentum Series JAWS 1.0 - Path Traversal
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive files like /etc/passwd outside the web root directory.
CVSS 7.5
CVE-2022-0441 METASPLOIT CRITICAL ruby WORKING POC
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
CVSS 9.8
CVE-2019-20085 METASPLOIT HIGH ruby WORKING POC
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. Directory Traversal
CVSS 7.5
CVE-2022-44877 METASPLOIT CRITICAL ruby WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
CVE-2020-7209 METASPLOIT CRITICAL ruby WORKING POC
HP LinuxKI < 6.0-2 - Remote Code Execution
LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
CVSS 9.8
CVE-2022-0441 EXPLOITDB CRITICAL text WORKING POC
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
CVSS 9.8
EIP-2026-113808 EXPLOITDB text WORKING POC
WordPress Plugin Helpful 2.4.11 - SQL Injection
CVE-2018-19550 EXPLOITDB HIGH text WORKING POC
Interspire Email Marketer <6.1.6 - File Upload
Interspire Email Marketer through 6.1.6 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a admin/temp/surveys/ URI.
CVSS 8.8
EIP-2026-103331 EXPLOITDB python WORKING POC
Usermin 1.820 - Remote Code Execution (RCE) (Authenticated)
CVE-2022-44877 EXPLOITDB CRITICAL text WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
EIP-2026-102146 EXPLOITDB text WORKING POC
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal