Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.9 MEDIUM | 3.1 LOW |
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | |||||
CVE-2019-14397 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | |||||
CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | |||||
CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | |||||
CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | |||||
CVE-2018-20926 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | |||||
CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | |||||
CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | |||||
CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||
CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | |||||
CVE-2016-10804 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 8.7 HIGH | 8.1 HIGH |
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). | |||||
CVE-2017-18435 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | |||||
CVE-2017-18413 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | |||||
CVE-2019-14393 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | |||||
CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | |||||
CVE-2016-10852 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85). | |||||
CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). |