VYPR

cPanel

by cPanel

CVEs (413)

  • CVE-2017-18393 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

  • CVE-2017-18392 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).

  • CVE-2017-18391 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).

  • CVE-2017-18390 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).

  • CVE-2017-18388 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).

  • CVE-2017-18387 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.02

    cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).

  • CVE-2017-18386 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.02

    cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).

  • CVE-2017-18385 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).

  • CVE-2017-18384 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).

  • CVE-2017-18383 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.00

    cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).

  • CVE-2017-18382 - Aug 2, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

  • CVE-2016-10813 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 57.9999.54 allows self-XSS during FTP account creation under addon domains (SEC-118).

  • CVE-2016-10814 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).

  • CVE-2016-10815 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

  • CVE-2016-10816 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.02

    cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).

  • CVE-2016-10817 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.02

    cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

  • CVE-2016-10818 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.02

    cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

  • CVE-2016-10819 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

  • CVE-2016-10820 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).

  • CVE-2016-10821 - Aug 1, 2019
    risk 0.00 | cvss | epss 0.01

    In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
