Filtered by vendor Cpanel
Subscriptions
Filtered by product Cpanel
Subscriptions
Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18389 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). | ||||
| CVE-2017-18383 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). | ||||
| CVE-2017-18408 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | ||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | ||||
| CVE-2017-18398 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331). | ||||
| CVE-2017-18393 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326). | ||||
| CVE-2017-18390 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322). | ||||
| CVE-2017-18403 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). | ||||
| CVE-2017-18384 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). | ||||
| CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | ||||
| CVE-2017-18397 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330). | ||||
| CVE-2017-18395 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 does not block a username of ssl (SEC-328). | ||||
| CVE-2017-18399 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). | ||||
| CVE-2017-18385 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). | ||||
| CVE-2017-18402 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336). | ||||
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | ||||
| CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | ||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2024-08-05 | 6.1 Medium |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | ||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | ||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | ||||