Vulnerabilities (CVE)

Vendor filter

Cpanel Subscribe

Filter

339 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-18452 1 Cpanel 1 Cpanel 2019-08-14 4.6
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
CVE-2017-18446 1 Cpanel 1 Cpanel 2019-08-14 6.5
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
CVE-2017-18400 1 Cpanel 1 Cpanel 2019-08-13 7.2
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
CVE-2017-18399 1 Cpanel 1 Cpanel 2019-08-13 4.3
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
CVE-2017-18398 1 Cpanel 1 Cpanel 2019-08-13 5.5
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
CVE-2017-18397 1 Cpanel 1 Cpanel 2019-08-13 2.1
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
CVE-2016-10814 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
CVE-2017-18401 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
CVE-2016-10794 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
CVE-2016-10792 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
CVE-2016-10791 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559).
CVE-2017-18431 1 Cpanel 1 Cpanel 2019-08-13 5.0
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
CVE-2017-18402 1 Cpanel 1 Cpanel 2019-08-13 3.5
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
CVE-2017-18404 1 Cpanel 1 Cpanel 2019-08-13 4.9
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
CVE-2017-18403 1 Cpanel 1 Cpanel 2019-08-13 6.5
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
CVE-2017-18396 1 Cpanel 1 Cpanel 2019-08-13 4.9
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
CVE-2017-18395 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
CVE-2017-18394 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
CVE-2017-18393 1 Cpanel 1 Cpanel 2019-08-13 4.0
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
CVE-2017-18392 1 Cpanel 1 Cpanel 2019-08-13 2.1
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).