CPanel

436 total · sorted by risk
  • CVE-2019-14402 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).

  • CVE-2019-14401 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).

  • CVE-2019-14400 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).

  • CVE-2019-14399 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).

  • CVE-2019-14398 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).

  • CVE-2019-14397 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).

  • CVE-2019-14396 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).

  • CVE-2019-14395 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).

  • CVE-2019-14394 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).

  • CVE-2019-14393 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).

  • CVE-2019-14392 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.02

    cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).

  • CVE-2018-20867 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).

  • CVE-2019-14391 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).

  • CVE-2019-14390 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).

  • CVE-2019-14389 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.00

    cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).

  • CVE-2019-14388 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).

  • CVE-2019-14387 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).

  • CVE-2019-14386 · Jul 30, 2019
    risk 0.00 · cvss · epss 0.01

    cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).

  • CVE-2008-2071 · May 12, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other…

  • CVE-2008-2043 · May 1, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2)…

  • CVE-2008-0370 · Jan 22, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.

  • CVE-2007-3366 · Jun 22, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2007-3367 · Jun 22, 2007
    risk 0.00 · cvss · epss 0.01

    Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2007-0854 · Feb 8, 2007
    risk 0.00 · cvss · epss 0.06

    Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but…

  • CVE-2006-6548 · Dec 14, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the…

  • CVE-2006-2825 · Jun 5, 2006
    risk 0.00 · cvss · epss 0.01

    cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script…

  • CVE-2006-1119 · Mar 9, 2006
    risk 0.00 · cvss · epss 0.01

    fantastico in cPanel does not properly handle cases where it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.

  • CVE-2006-0763 · Feb 18, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.

  • CVE-2006-0574 · Feb 7, 2006
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.

  • CVE-2006-0573 · Feb 7, 2006
    risk 0.00 · cvss · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4)…

  • CVE-2006-0533 · Feb 4, 2006
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.

  • CVE-2005-3505 · Nov 5, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as , which are processed by…

  • CVE-2004-1604 · Sep 30, 2004
    risk 0.00 · cvss · epss 0.01

    cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.

  • CVE-2004-0529 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.01

    The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or…

  • CVE-2004-1849 · Mar 24, 2004
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.

  • CVE-2003-1426 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.00

    Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious…
