CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.


New Version (coming soon)
Now in 2019, we release new versions multiple times a week and sometimes even multiple times per day.

Version 0.9.8.651 – 0.9.8.747 (released 21/05/2018-09/12/2018)

Security
[New Feature] Implementation of anti XSS token for the GUI

New WebServers
[New Feature] Define per domain webservers, now you can use different webservers per domain
[New Feature] Prepared for AI-Robot so that artificial intelligence can take over control of it
[New Feature] Define global default server vhost templates for apache/nginx/varnish/php-fpm
[New Feature] Define per domain vhost templates for apache/nginx/varnish/php-fpm
[New Feature] Error detection in vhost build for apache/nginx/varnish/php-fpm
[UPDATE] latest versions of the webservers apache/nginx/varnish
[UPDATE] AutoSSL: more stable domain validation check

New Varnish
[New Feature] Varnish makes your site look like static html, it doesn’t need to run php-cgi/php-fpm for each request.
[New Feature] Website continues to work as cached even if apache is down
[New Feature] more advanced templates with better cache in memory
[New Feature] per domain templates and configs which you can modify and build your own
[New Feature] it can now run as a cache server in front of Tomcat, nodejs, ruby…

AI-Robot (Artificial Intelligence for cwp)
Artificial intelligence integration: we have integrated the “AI-Robot” artificial intelligence system, which has started to learn system issues and will soon be able to handle errors and automatically recover the system services.

PHP/PHP-FPM
[New Feature] PHP-FPM default setup with cache and with fastest unix sockets
[New Feature] PHP Pecl Manager for all PHP builders
[New Feature] PHP-FPM Selector with many custom options (automatic install of dependencies)
[New Feature] Predefined vhost templates for better performances
[New Feature] Custom templates for php-fpm, you can use custom per domain
[UPDATE] latest versions of the PHP
[UPDATE] New PHP 7.3.0, please use only for beta testing
[UPDATE] for all php builders automatic detection if build is already running
[UPDATE] PHP Selector with many versions and options (automatic install of dependencies)

Other Modules
[New Feature] New DNS Zone Editor with error detection and now much more advanced
[New Feature] New Mod Security Manager
[New Feature] Automatic update manager for 3rd-party scripts like roundcube, phpmyadmin…
[New Feature] User notifications
[UPDATE] Improved cwp to cwp migration tool, we are still working on it to make it even better
[UPDATE] MySQL Manager: edit user password

User Panel [New Design]
[SECURITY] Implementation of anti XSS token for the GUI
[New Feature] New Advanced File Manager
[New Feature] New Modern Design
[New Feature] Search integration for menu and icons
[New Feature] Sound alerts
[New Feature] Pagination for all modules
[New Feature] Advanced editor integration for php.ini
[UPDATE] Cron Manager error detection
* We have also fixed many other reported bugs

Version 0.9.8.448 – 0.9.8.651 (released 08/02/2018-21/05/2018)
[New Feature] cgroups for centos 7 (limit resource per user, eg. set cpu limit to 50%)
[New Feature] Main left menu search option
[New Feature] Manage User crons from the admin panel
[New Feature] New Notifications handler with email alerts
[New Feature] New Ulimits Module - Show all user processes and limits (good for debugging)
[New Feature] Monit Monitoring (advanced tool for monitoring server services and resources)
[New Feature] MySQL Manager now has security and optimization tests integrated
[New Feature] Security Tools – Maldet Scan – Scan websites for malware
[New Feature] Security Tools – RKHunter Scan – Scan server for rootkits, backdoors
[New Feature] Security Tools – Lynis Scan – Scan server for system hardening
[New Feature] Security Tools – Symlink scan – Scan user accounts for symlinks
[UPDATE] New SSL Manager with additional auto-download for chain certificates
[UPDATE] Latest PHP versions (used in switcher/selector)
[UPDATE] Apache latest version rpm + rebuilder/compiler
[UPDATE] New Security checks in the Security Advisor via new notifications
[BUGFIX] Fixed all reported bugs with the cpanel account migration
[BUGFIX] Fixed bugs in the account transfer tool
[BUGFIX] Fixed bugs in the Mail server manager related to rebuild
[BUGFIX] Fixed bugs with API

User Panel []
[SECURITY] Big security update for user panel, many issues have been resolved
[New Feature] AutoSSL- Install/remove Free SSL from the user panel
[UPDATE] Improved DNS zone editor

* We have also fixed many other reported bugs

Version 0.9.8.359 – 0.9.8.448 (released 29/09/2017-07/02/2018)
[UPDATE] PHP 7.2
[UPDATE] New admin panel design upgrade
[New Feature] Theme manager for User Panel
[New Feature] Language manager for User Panel
[New Feature] New cPanel migration tool running in background
[New Feature] New CWP to CWP migration tool
[New Feature] New Advanced Backup Manager
[New Feature] New Advanced API Manager with permissions

New user Panel (demo)
[New Feature] All new, too many things to have them listed here, you simply need to check it!
Fixed many many other reported bugs

Version 0.9.8.334 – 0.9.8.359 (released 26/06-29/09/2017)
[UPDATE] Added Apache 2.4.26, 2.4.27
[UPDATE] PHP 5.6.31, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.1.6, 7.1.7, 7.1.9, 7.1.10
[UPDATE] PHP selector delete unwanted php version with single click
[UPDATE] AutoSSL: manually start and force auto renewal
[New Feature] Included manager for new user panel compatibility

[BUGFIX] IonCube installer fixed issue with php 7.0 & 7.1
[BUGFIX] Zendguard loader 5.5, 5.6 improved installer
[BUGFIX] AutoSSL reported bugs fixed
[BUGFIX] Improved security
Fixed many other reported bugs

Version 0.9.8.315 – 0.9.8.333 (released 28/04-25/06/2017)
[UPDATE] detailed cleanup of removed accounts
[UPDATE] yum manager improvement
[UPDATE] New PHP versions added 7.0.20 and 7.1.5
[UPDATE] php selector new versions of php
[UPDATE] apache 2.4.26 (has security updates)
[New Feature] new ftp manager for admin
[New Feature] bandwidth monitor (incoming/outgoing for all interfaces)

[BUGFIX] php switcher bug fix
[BUGFIX] autossl bugfix
[BUGFIX] mod security installer bug fix
[BUGFIX] vhost rebuild bug fix
[BUGFIX] mail queue module bug fix
[BUGFIX] mail explorer module bug fix
Fixed many other reported bugs

Version 0.9.8.291 – 0.9.8.314 (released 23/03-28/04/2017)
[UPDATE] New PHP versions added 7.0.18 and 7.1.4
[UPDATE] Improved SSL Manager (fixed autoSSL bugs)
[UPDATE] Improved backups (now weekly and monthly use hard links and can reduce total backup size up to 65%)
[New Feature] Ajax disk usage checker (check your disk space usage per folder)
[New Feature] New Varnish configuration editor
[New CWPpro] Yum Package and Repository Manager
[SECURITY] SECURITY BUG FIXED
Prevention of Cross-site Scripting (XSS) Attack by Esmaeil Rahimian (Security Research from SecureHost)
Fixed many other reported bugs

Version 0.9.8.266 – 0.9.8.290 (released 01-22/03/2017)
[BUGFIX] ioncube update scripts
[BUGFIX] sysstat graph errors
[BUGFIX] PHP Selector fixed php 7
[BUGFIX] Advanced File Manager bugs
[BUGFIX] Mail Server rebuild
[BUGFIX] SSL redirection for cwp services
[BUGFIX] Fixed security advisor multiple messages
[UPDATE] Php Switcher new additional modules and new php versions
[UPDATE] PHP Selector update of all php versions and added php 7.0, 7.1
[UPDATE] SSL Cert Manager now with more detailed info from the certificate files
[New Feature] AutoSSL option when creating new account, domain or subdomain from admin panel
[New Feature] AutoSSL for Hostname
[New Feature] Nice and Fast Ajax upgrade for list accounts, domains and subdomains.
[New Feature] New Varnish configuration editor
[CWPpro] Yum, number of available packages upgrades at login into cwp

Version 0.9.8.250 – 0.9.8.265 (released 21-28/02/2017)
[New Feature] Sysstat graphs
[UPDATE] Higher grade for apache SSL
[UPDATE] PHP Switcher_v2 Configuration Upgrade and Bugs Fixed
[BUGFIX] File Manager bug fixed, and a few smaller bugs in the GUI

Version 0.9.8.248 – 0.9.8.249 (released 21/02/2017)
[UPDATE] PHP Switcher added extensions: intl, pspell, tidy, wddx
[BUGFIX] Fixed several bugs

Version 0.9.8.240 – 0.9.8.247 (released 17/02/2017)
[New Feature] NEW friendly PHP Version Switcher with many addons and more to come…
[UPDATE] Update of PHP versions: 7.1.2, 7.0.16, 5.6.30
[Old Removed] Old PHP Version Switcher removed from the left menu but still exists.
[BUGFIX] Fixed several bugs

Version 0.9.8.239 (released 13/02/2017)
[BUGFIX] Fixed bug with softaculous remove mysql user.

Version 0.9.8.237 & 0.9.8.238 (released 11/02/2017)
[New Feature] LiteSpeed Enterprise integration with CWP

13/02/2017
…we were working very hard to make CWP work with CentOS 7, so we made many changes, and unfortunately there is no information about what was done before in which version.
