Search
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | |||||
| CVE-2017-18474 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | |||||
| CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | |||||
| CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 3.6 LOW | 5.5 MEDIUM |
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | |||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
| CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | |||||
| CVE-2017-18482 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | |||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
| CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
| CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | |||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | |||||
| CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | |||||
| CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | |||||
| CVE-2017-18470 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 8.8 HIGH |
| cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | |||||
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 7.8 HIGH |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | |||||
| CVE-2017-18411 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.8 MEDIUM |
| The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | |||||
| CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.8 MEDIUM | 7.4 HIGH |
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | |||||
| CVE-2016-10860 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66). | |||||
| CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | |||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | |||||
| CVE-2016-10834 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | |||||
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | |||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||||
| CVE-2016-10829 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | |||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 1.9 LOW | 2.5 LOW |
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | |||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | |||||
| CVE-2016-10830 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | |||||
| CVE-2017-18413 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.6 MEDIUM | 7.8 HIGH |
| In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | |||||
| CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | |||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 9.0 HIGH | 7.2 HIGH |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | |||||
| CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | |||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | |||||
| CVE-2016-10858 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.3 HIGH | 9.8 CRITICAL |
| cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). | |||||
| CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | |||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 1.9 LOW | 2.5 LOW |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | |||||
| CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | |||||
| CVE-2016-10771 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 8.1 HIGH |
| cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | |||||
| CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | |||||
| CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | |||||
| CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 8.1 HIGH |
| The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | |||||
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | |||||
| CVE-2016-10788 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | |||||
| CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
| CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 3.5 LOW | 5.4 MEDIUM |
| cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | |||||
| CVE-2016-10789 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | |||||
| CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 5.5 MEDIUM | 6.5 MEDIUM |
| cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||