VYPR

Cpanel

by CPanel

CVEs (413)

  • CVE-2017-18473Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).

  • CVE-2017-18472Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).

  • CVE-2017-18471Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).

  • CVE-2017-18470Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).

  • CVE-2017-18469Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).

  • CVE-2017-18468Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

  • CVE-2017-18467Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).

  • CVE-2017-18465Aug 5, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).

  • CVE-2017-18466Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).

  • CVE-2017-18464Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).

  • CVE-2017-18462Aug 5, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).

  • CVE-2017-18463Aug 2, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).

  • CVE-2017-18461Aug 2, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223).

  • CVE-2017-18460Aug 2, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).

  • CVE-2017-18459Aug 2, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).

  • CVE-2017-18458Aug 2, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).

  • CVE-2017-18457Aug 2, 2019
    risk 0.00cvss epss 0.00

    cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).

  • CVE-2017-18456Aug 2, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).

  • CVE-2017-18455Aug 2, 2019
    risk 0.00cvss epss 0.01

    In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).

  • CVE-2017-18454Aug 2, 2019
    risk 0.00cvss epss 0.01

    cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).

Page 8 of 21