Filtered by vendor Cpanel
Subscribe
Search
Total
212 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | |||||
| CVE-2016-10785 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | |||||
| CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||||
| CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | |||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | |||||
| CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | |||||
| CVE-2016-10768 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | |||||
| CVE-2016-10769 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | |||||
| CVE-2016-10776 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | |||||
| CVE-2016-10777 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | |||||
| CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | |||||
| CVE-2016-10778 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). | |||||
| CVE-2016-10781 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). | |||||
| CVE-2016-10782 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). | |||||
| CVE-2016-10784 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). | |||||
| CVE-2016-10783 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | |||||
| CVE-2018-20941 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.7 MEDIUM | 5.6 MEDIUM |
| cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | |||||
| CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | |||||
| CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | |||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.5 HIGH | 5.5 MEDIUM |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | |||||
| CVE-2018-20890 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426). | |||||
| CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). | |||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.6 MEDIUM | 6.8 MEDIUM |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
| CVE-2016-10841 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.3 MEDIUM |
| The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | |||||
| CVE-2018-20899 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398). | |||||
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | |||||
| CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.8 MEDIUM |
| cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
| CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86). | |||||
| CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
| CVE-2017-18447 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | |||||
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | |||||
| CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | |||||
| CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.4 MEDIUM | 4.5 MEDIUM |
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | |||||
| CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | |||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.6 MEDIUM | 4.7 MEDIUM |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
| CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
| CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | |||||
| CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
| CVE-2017-18441 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.0 MEDIUM | 5.0 MEDIUM |
| cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | |||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | |||||
| CVE-2018-20950 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | |||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | |||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
| CVE-2018-20933 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410). | |||||
| CVE-2018-20889 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.6 LOW | 4.4 MEDIUM |
| cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425). | |||||
| CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | |||||
| CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | |||||
| CVE-2018-20935 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412). | |||||
| CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||