Cpanel

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-18391 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 2.5 LOW· v3 1.9 LOW· v2 cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
CVE-2017-18390 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
CVE-2017-18389 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
CVE-2017-18388 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
CVE-2017-18387 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
CVE-2017-18386 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
CVE-2017-18385 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
CVE-2017-18384 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 3.8 LOW· v3 2.1 LOW· v2 cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVE-2017-18383 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
CVE-2017-18382 1Cpanel 1Cpanel Nov 21, 2024 Aug 2, 2019 N/A· v4 2.7 LOW· v3 4.0 MEDIUM· v2 cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
CVE-2016-10826 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
CVE-2016-10821 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
CVE-2016-10820 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
CVE-2016-10819 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
CVE-2016-10818 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
CVE-2016-10817 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
CVE-2016-10816 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
CVE-2016-10815 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
CVE-2016-10814 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
CVE-2016-10813 1Cpanel 1Cpanel Nov 21, 2024 Aug 1, 2019 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).

Previous 1...101112...22 Next