Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | |||||
CVE-2018-20914 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.9 MEDIUM | 7.3 HIGH |
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | |||||
CVE-2019-14391 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | |||||
CVE-2018-20886 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418). | |||||
CVE-2019-14402 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | |||||
CVE-2016-10794 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | |||||
CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.6 MEDIUM | 6.8 MEDIUM |
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | |||||
CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | |||||
CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
CVE-2016-10805 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | |||||
CVE-2019-14414 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | |||||
CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | |||||
CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.3 LOW | 3.9 LOW |
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | |||||
CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||
CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 4.9 MEDIUM |
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | |||||
CVE-2017-18400 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333). | |||||
CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||||
CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). |