Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14386 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | |||||
CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84). | |||||
CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | |||||
CVE-2016-10812 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | |||||
CVE-2019-14411 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | |||||
CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | |||||
CVE-2017-18457 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.9 MEDIUM | 4.4 MEDIUM |
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | |||||
CVE-2017-18407 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | |||||
CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). | |||||
CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | |||||
CVE-2016-10801 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | |||||
CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). | |||||
CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | |||||
CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | |||||
CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | |||||
CVE-2018-20907 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432). | |||||
CVE-2019-14401 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | |||||
CVE-2016-10778 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). | |||||
CVE-2016-10838 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.8 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). | |||||
CVE-2016-10786 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). |