Filtered by vendor Cpanel
Total: 426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.6 LOW | 5.5 MEDIUM | cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). |
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). |
CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). |
CVE-2016-10818 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). |
CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). |
CVE-2016-10775 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). |
CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH | cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). |
CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). |
CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). |
CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). |
CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM | cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). |
CVE-2016-10817 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL | cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). |
CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). |
CVE-2019-14398 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH | cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). |
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). |
CVE-2016-10799 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM | cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). |
CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). |
CVE-2016-10788 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 9.0 HIGH | 8.8 HIGH | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). |
CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. |
CVE-2017-11441 | 1 Cpanel | 1 Whm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM | The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. |