Vulnerabilities > Ajenti

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-09	CVE-2019-25066	OS Command Injection vulnerability in Ajenti 2.1.31 A vulnerability has been found in ajenti 2.1.31 and classified as critical. network low complexity ajenti CWE-78	6.5
2018-10-24	CVE-2018-18548	Cross-site Scripting vulnerability in Ajenti Ajenticp ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. network ajenti CWE-79	4.3
2018-03-13	CVE-2018-1000126	Information Exposure vulnerability in Ajenti 2 Ajenti version 2 contains an Information Disclosure vulnerability in Line 176 of the code source that can result in user and system enumeration as well as data from the /etc/ajenti/config.yml file. network low complexity ajenti CWE-200	5.0
2018-03-13	CVE-2018-1000083	Path Traversal vulnerability in Ajenti 2 Ajenti version version 2 contains a Improper Error Handling vulnerability in Login JSON request that can result in The requisition leaks a path of the server. network low complexity ajenti CWE-22	5.0
2018-03-13	CVE-2018-1000082	Cross-Site Request Forgery (CSRF) vulnerability in Ajenti 2 Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. network ajenti CWE-352	6.8
2018-03-13	CVE-2018-1000081	Improper Input Validation vulnerability in Ajenti 2 Ajenti version version 2 contains a Input Validation vulnerability in ID string on Get-values POST request that can result in Server Crashing. network low complexity ajenti CWE-20	5.0
2018-03-13	CVE-2018-1000080	Incorrect Permission Assignment for Critical Resource vulnerability in Ajenti 2 Ajenti version version 2 contains a Insecure Permissions vulnerability in Plugins download that can result in The download of any plugins as being a normal user. network low complexity ajenti CWE-732	4.0
2014-06-18	CVE-2014-4301	Cross-Site Scripting vulnerability in Ajenti Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page. network ajenti CWE-79	4.3
2014-04-30	CVE-2014-2260	Cross-Site Scripting vulnerability in Ajenti 1.2.13 Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality. network ajenti CWE-79	3.5

Vulnerabilities > Ajenti {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ajenti"}]}

Vulnerabilities > Ajenti