Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | |||||
CVE-2018-20936 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | |||||
CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | |||||
CVE-2016-10776 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | |||||
CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
CVE-2017-18406 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | |||||
CVE-2017-18463 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | |||||
CVE-2019-14392 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | |||||
CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.8 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | |||||
CVE-2016-10847 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | |||||
CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | |||||
CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.3 LOW | 3.9 LOW |
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | |||||
CVE-2016-10793 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | |||||
CVE-2018-20934 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.4 MEDIUM | 6.5 MEDIUM |
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | |||||
CVE-2018-20877 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). | |||||
CVE-2018-20915 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). | |||||
CVE-2017-18473 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | |||||
CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | |||||
CVE-2019-14399 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.1 MEDIUM | 7.1 HIGH |
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). |