Filtered by vendor Cpanel
Total: 100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 7.8 HIGH |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | |||||
| CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.8 MEDIUM | 7.4 HIGH |
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | |||||
| CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | |||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | |||||
| CVE-2016-10834 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | |||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). | |||||
| CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | |||||
| CVE-2017-18413 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 7.8 HIGH |
| In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | |||||
| CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | |||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | |||||
| CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
| CVE-2016-10771 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | |||||
| CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | |||||
| CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 8.1 HIGH |
| The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | |||||
| CVE-2016-10788 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | |||||
| CVE-2016-10789 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | |||||
| CVE-2016-10804 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 8.7 HIGH | 8.1 HIGH |
| The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | |||||
| CVE-2016-10802 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | |||||
| CVE-2016-10811 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | |||||
| CVE-2016-10810 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | |||||
| CVE-2016-10809 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | |||||
| CVE-2016-10805 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | |||||
| CVE-2017-18433 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | |||||
| CVE-2017-18434 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | |||||
| CVE-2017-18435 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.5 HIGH | 7.3 HIGH |
| cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | |||||
| CVE-2016-10845 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). | |||||
| CVE-2016-10846 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 8.5 HIGH | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | |||||
| CVE-2016-10843 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). | |||||
| CVE-2016-10837 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 8.5 HIGH | 7.5 HIGH |
| cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). | |||||
| CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | |||||
| CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | |||||
| CVE-2016-10859 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | |||||
| CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
| CVE-2017-18459 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | |||||
| CVE-2016-10828 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | |||||
| CVE-2016-10823 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). | |||||
| CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 6.5 MEDIUM | 7.2 HIGH |
| In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
| CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | |||||
| CVE-2017-18463 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | |||||
| CVE-2017-18383 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | |||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | |||||
| CVE-2016-10850 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | |||||
| CVE-2016-10816 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | |||||
| CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | |||||
| CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||
| CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.9 MEDIUM | 7.3 HIGH |
| In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
| CVE-2018-20869 | 1 Cpanel | 1 Cpanel | 2019-07-31 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | |||||
| CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2017-03-07 | 6.8 MEDIUM | 7.8 HIGH |
| Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | |||||
