Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | |||||
CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). | |||||
CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | |||||
CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | |||||
CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | |||||
CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | |||||
CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | |||||
CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | |||||
CVE-2016-10817 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | |||||
CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | |||||
CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | |||||
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | |||||
CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
CVE-2016-10788 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | |||||
CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | |||||
CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | |||||
CVE-2009-4823 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. |