cPanel

by cPanel

CVEs (413)

  • CVE-2019-14402 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).

  • CVE-2019-14401 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).

  • CVE-2019-14400 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).

  • CVE-2019-14399 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).

  • CVE-2019-14398 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).

  • CVE-2019-14397 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

  • CVE-2019-14396 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).

  • CVE-2019-14395 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).

  • CVE-2019-14394 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).

  • CVE-2019-14393 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).

  • CVE-2019-14392 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.02

    cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).

  • CVE-2018-20867 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).

  • CVE-2019-14391 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).

  • CVE-2019-14390 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).

  • CVE-2019-14389 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.00

    cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

  • CVE-2019-14388 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).

  • CVE-2019-14387 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).

  • CVE-2019-14386 (Jul 30, 2019)
    risk 0.00 | cvss | epss 0.01

    cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).

  • CVE-2008-2071 (May 12, 2008)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other…

  • CVE-2008-2043 (May 1, 2008)
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2)…
