cPanel

All CVEs

436 total · sorted by risk
  • CVE-2016-10813 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).

  • CVE-2016-10814 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).

  • CVE-2016-10815 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).

  • CVE-2016-10816 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).

  • CVE-2016-10817 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).

  • CVE-2016-10818 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

  • CVE-2016-10819 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).

  • CVE-2016-10820 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).

  • CVE-2016-10821 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).

  • CVE-2016-10826 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).

  • CVE-2016-10822 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).

  • CVE-2016-10823 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).

  • CVE-2016-10824 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.03

    cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

  • CVE-2016-10825 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

  • CVE-2016-10827 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

  • CVE-2016-10828 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.03

    cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).

  • CVE-2016-10829 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

  • CVE-2016-10830 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

  • CVE-2016-10831 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).

  • CVE-2018-20953 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).

  • CVE-2018-20952 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).

  • CVE-2018-20951 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).

  • CVE-2018-20950 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).

  • CVE-2018-20949 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).

  • CVE-2018-20948 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).

  • CVE-2018-20947 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).

  • CVE-2018-20946 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).

  • CVE-2018-20945 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).

  • CVE-2018-20944 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).

  • CVE-2016-10832 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

  • CVE-2018-20943 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).

  • CVE-2018-20942 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).

  • CVE-2018-20941 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).

  • CVE-2016-10833 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

  • CVE-2018-20940 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).

  • CVE-2018-20939 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).

  • CVE-2018-20938 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).

  • CVE-2016-10834 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

  • CVE-2018-20937 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).

  • CVE-2016-10835 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).

  • CVE-2018-20936 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).

  • CVE-2016-10836 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).

  • CVE-2018-20935 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).

  • CVE-2018-20934 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).

  • CVE-2018-20933 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).

  • CVE-2018-20932 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).

  • CVE-2018-20931 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).

  • CVE-2018-20930 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).

  • CVE-2016-10837 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).

  • CVE-2016-10838 · Aug 1, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
