Filtered by vendor Cpanel
Subscriptions
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18455 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | ||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | ||||
| CVE-2017-18412 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | ||||
| CVE-2017-18448 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | ||||
| CVE-2017-18392 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325). | ||||
| CVE-2017-18461 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | ||||
| CVE-2017-18406 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). | ||||
| CVE-2017-18481 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | ||||
| CVE-2017-18391 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323). | ||||
| CVE-2017-18430 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | ||||
| CVE-2017-18427 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | ||||
| CVE-2017-18404 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341). | ||||
| CVE-2017-18468 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | ||||
| CVE-2017-18436 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | ||||
| CVE-2017-18396 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329). | ||||
| CVE-2017-18438 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | ||||
| CVE-2017-18386 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). | ||||
| CVE-2017-18431 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941). | ||||
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | ||||
| CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | ||||