← Back

Cpanel

cpanel

426 CVEs • 6 products

Products (6)

Click to collapse
Toggle
Cpanel
cpanel
417 CVEs
Webhost Manager
webhost_manager
5 CVEs
Cgiecho
cgiecho
3 CVEs
Cgiemail
cgiemail
3 CVEs
Whm
whm
3 CVEs
Wp Squared
wp_squared
1 CVE

CVEs (426)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2016-10860
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
CVE-2016-10859
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
CVE-2016-10858
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
9.8 CRITICAL· v3
9.3 HIGH· v2
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
CVE-2016-10857
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
CVE-2016-10856
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
CVE-2016-10855
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
CVE-2016-10854
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
CVE-2016-10853
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
CVE-2016-10852
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
CVE-2016-10851
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
CVE-2016-10850
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
CVE-2015-9291
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
CVE-2018-20900
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
CVE-2018-20899
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
CVE-2018-20898
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
CVE-2018-20897
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
2.8 LOW· v3
3.3 LOW· v2
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
CVE-2018-20896
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
3.9 LOW· v3
3.3 LOW· v2
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
CVE-2018-20895
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
CVE-2018-20894
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
CVE-2018-20893
1Cpanel
1Cpanel
Nov 21, 2024
Aug 1, 2019
N/A· v4
2.3 LOW· v3
2.1 LOW· v2
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).