Filtered by vendor Cpanel
Subscribe
Total
425 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10817 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 10.0 HIGH | 9.8 CRITICAL |
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123). | |||||
CVE-2016-10819 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125). | |||||
CVE-2016-10816 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121). | |||||
CVE-2016-10820 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 9.0 HIGH | 8.8 HIGH |
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31). | |||||
CVE-2016-10815 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). | |||||
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). | |||||
CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | |||||
CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | |||||
CVE-2017-18451 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | |||||
CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 4.0 MEDIUM | 4.9 MEDIUM |
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | |||||
CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | |||||
CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
CVE-2017-18419 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | |||||
CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2019-08-05 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | |||||
CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | |||||
CVE-2018-20901 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | |||||
CVE-2018-20902 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | |||||
CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 7.2 HIGH |
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||
CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2019-08-02 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). |