Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-20909 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338). | |||||
CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 7.8 HIGH |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | |||||
CVE-2018-20903 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | |||||
CVE-2016-10809 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | |||||
CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | |||||
CVE-2018-20916 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). | |||||
CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | |||||
CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | |||||
CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | |||||
CVE-2018-20863 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | |||||
CVE-2019-14412 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | |||||
CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | |||||
CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | |||||
CVE-2016-10841 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.3 MEDIUM |
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). | |||||
CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | |||||
CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | |||||
CVE-2016-10770 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | |||||
CVE-2018-16236 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | |||||
CVE-2017-11441 | 1 Cpanel | 1 Whm | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | |||||
CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. |