Filtered by vendor Cpanel
Subscribe
Search
Total
425 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 3.8 LOW |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | |||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | |||||
| CVE-2016-10814 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). | |||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | |||||
| CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
| CVE-2016-10792 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | |||||
| CVE-2016-10791 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559). | |||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | |||||
| CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | |||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 3.1 LOW |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | |||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | |||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 2.0 LOW |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | |||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 7.9 HIGH | 5.7 MEDIUM |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | |||||
| CVE-2016-10796 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 3.3 LOW |
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | |||||
| CVE-2016-10798 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.9 MEDIUM | 6.8 MEDIUM |
| cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). | |||||
| CVE-2016-10797 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | |||||
| CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||
| CVE-2016-10839 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). | |||||
| CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | |||||
| CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | |||||
| CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | |||||
| CVE-2016-10793 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | |||||
| CVE-2017-18432 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 7.8 HIGH |
| In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | |||||
| CVE-2016-10795 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | |||||
| CVE-2016-10800 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 7.8 HIGH |
| cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | |||||
| CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||
| CVE-2016-10803 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923). | |||||
| CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | |||||
| CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | |||||
| CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | |||||
| CVE-2016-10808 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | |||||
| CVE-2016-10812 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | |||||
| CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
| CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.8 LOW |
| cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
| CVE-2018-20898 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396). | |||||
| CVE-2018-20925 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | |||||
| CVE-2016-10842 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | |||||
| CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | |||||
| CVE-2017-18406 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | |||||
| CVE-2017-18407 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.8 MEDIUM | 4.8 MEDIUM |
| cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | |||||
| CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | |||||
| CVE-2017-18409 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | |||||
| CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | |||||
| CVE-2017-18462 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | |||||
| CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | |||||
| CVE-2017-18464 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 4.9 MEDIUM |
| cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | |||||