CVE-2019-14729
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a sub-domain from a victim’s account via an attacker account.
Source: CVE-2019-14729
[월:] 2019년 09월
CVE-2019-14727
CVE-2019-14727
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.
Source: CVE-2019-14727
CVE-2019-14726
CVE-2019-14726
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to access and delete DNS records of a victim’s account via an attacker account.
Source: CVE-2019-14726
CVE-2019-14723
CVE-2019-14723
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim’s e-mail account via an attacker account.
Source: CVE-2019-14723
CVE-2019-5503
CVE-2019-5503
OnCommand Workflow Automation versions prior to 5.0 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Source: CVE-2019-5503
CVE-2019-16106
CVE-2019-16106
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to change the password of any user via the recruitment_online/personalData/act_acounttab.cfm txtNewUserName and hdNP fields.
Source: CVE-2019-16106
CVE-2019-14728
CVE-2019-14728
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim’s account via an attacker account.
Source: CVE-2019-14728
CVE-2019-14722
CVE-2019-14722
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim’s account via an attacker account.
Source: CVE-2019-14722
CVE-2019-14721
CVE-2019-14721
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account.
Source: CVE-2019-14721
CVE-2019-12401
CVE-2019-12401
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it?s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
Source: CVE-2019-12401