Filtered by vendor Cpanel
Total: 426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). |
CVE-2019-14387 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). |
CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM | cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). |
CVE-2016-10778 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). |
CVE-2016-10844 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). |
CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). |
CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). |
CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH | cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). |
CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). |
CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 7.2 HIGH | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). |
CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM | cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). |
CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). |
CVE-2018-20907 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). |
CVE-2016-10855 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). |
CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM | cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). |
CVE-2019-14388 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH | cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). |
CVE-2016-10784 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM | cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). |
CVE-2016-10807 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). |
CVE-2017-18438 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM | cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). |
CVE-2016-10821 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM | In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75). |