Filtered by vendor Cpanel
Total: 426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
CVE-2017-18411 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.8 MEDIUM |
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | |||||
CVE-2017-18428 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 1.9 LOW | 2.5 LOW |
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | |||||
CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | |||||
CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||
CVE-2019-14407 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | |||||
CVE-2017-18446 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | |||||
CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | |||||
CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
CVE-2018-20919 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | |||||
CVE-2016-10773 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). | |||||
CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | |||||
CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.8 LOW |
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
CVE-2019-14400 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | |||||
CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
CVE-2016-10834 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | |||||
CVE-2018-20911 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | |||||
CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). |