Filtered by vendor Cpanel
Subscriptions
Filtered by product Cpanel
Subscriptions
Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | ||||
| CVE-2017-18406 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | ||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | ||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | ||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | ||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | ||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | ||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | ||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | ||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | ||||
| CVE-2017-18438 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | ||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | ||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | ||||
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | ||||
| CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | ||||
| CVE-2017-18420 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | ||||
| CVE-2017-18387 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | ||||
| CVE-2017-18422 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | ||||
| CVE-2017-18425 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | ||||
| CVE-2017-18410 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | ||||