Filtered by vendor Cpanel
Subscribe
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10790 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | |||||
CVE-2017-18418 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | |||||
CVE-2018-20927 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.8 LOW |
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | |||||
CVE-2018-20904 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). | |||||
CVE-2017-18413 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | |||||
CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | |||||
CVE-2016-10784 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). | |||||
CVE-2017-18463 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | |||||
CVE-2016-10782 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). | |||||
CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
CVE-2018-20913 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 4.9 MEDIUM |
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | |||||
CVE-2019-14405 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | |||||
CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.5 HIGH | 5.5 MEDIUM |
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | |||||
CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | |||||
CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | |||||
CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.6 MEDIUM | 4.7 MEDIUM |
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | |||||
CVE-2016-10856 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29). | |||||
CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.8 LOW |
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | |||||
CVE-2016-10857 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60). | |||||
CVE-2016-10768 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). |