Filtered by vendor Cpanel Subscriptions
Total 426 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-5615 1 Cpanel 2 Cgiecho, Cgiemail 2024-11-21 N/A
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
CVE-2017-5614 1 Cpanel 1 Cpanel 2024-11-21 6.1 Medium
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
CVE-2017-5613 1 Cpanel 2 Cgiecho, Cgiemail 2024-11-21 N/A
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
CVE-2017-18482 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
CVE-2017-18481 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
CVE-2017-18480 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
CVE-2017-18479 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
CVE-2017-18478 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
CVE-2017-18477 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
CVE-2017-18476 1 Cpanel 1 Cpanel 2024-11-21 N/A
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
CVE-2017-18475 1 Cpanel 1 Cpanel 2024-11-21 N/A
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
CVE-2017-18474 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
CVE-2017-18473 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
CVE-2017-18472 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
CVE-2017-18471 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
CVE-2017-18470 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
CVE-2017-18469 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
CVE-2017-18468 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
CVE-2017-18467 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
CVE-2017-18466 1 Cpanel 1 Cpanel 2024-11-21 N/A
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).