Vulnerabilities (CVE)

Filtered by vendor Cpanel Subscribe
Total 426 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6449 1 Cpanel 2 Cpanel, Whm 2024-11-21 3.5 LOW 5.4 MEDIUM
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.
CVE-2012-6448 1 Cpanel 1 Webhost Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4823 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
CVE-2009-2275 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
CVE-2008-7142 1 Cpanel 1 Cpanel 2024-11-21 5.0 MEDIUM N/A
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
CVE-2008-6927 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
CVE-2008-6926 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2024-11-21 6.8 MEDIUM N/A
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
CVE-2008-6843 2 Cpanel, Netenberg 2 Cpanel, Fantastico De Luxe 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
CVE-2008-2478 1 Cpanel 1 Cpanel 2024-11-21 8.5 HIGH N/A
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
CVE-2008-2071 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
CVE-2008-2070 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
CVE-2008-2043 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
CVE-2008-1499 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-0370 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-4022 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
CVE-2007-3367 1 Cpanel 1 Cpanel 2024-11-21 7.8 HIGH N/A
Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3366 1 Cpanel 1 Cpanel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-0890 1 Cpanel 1 Webhost Manager 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
CVE-2007-0854 1 Cpanel 1 Webhost Manager 2024-11-21 7.5 HIGH N/A
Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
CVE-2006-6548 1 Cpanel 1 Webhost Manager 2024-11-21 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.