Filtered by vendor Cpanel
Subscriptions
Total
426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18401 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334). | ||||
| CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | ||||
| CVE-2017-11441 | 1 Cpanel | 1 Whm | 2024-08-05 | N/A |
| The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. | ||||
| CVE-2017-5613 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-08-05 | N/A |
| Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | ||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2024-08-05 | 6.1 Medium |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | ||||
| CVE-2017-5616 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-08-05 | N/A |
| Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | ||||
| CVE-2017-5615 | 1 Cpanel | 2 Cgiecho, Cgiemail | 2024-08-05 | N/A |
| cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | ||||
| CVE-2018-20939 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | ||||
| CVE-2018-20940 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | ||||
| CVE-2018-20943 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | ||||
| CVE-2018-20951 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | ||||
| CVE-2018-20953 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | ||||
| CVE-2018-20948 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | ||||
| CVE-2018-20945 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | ||||
| CVE-2018-20947 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | ||||
| CVE-2018-20942 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | ||||
| CVE-2018-20944 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | ||||
| CVE-2018-20946 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | ||||
| CVE-2018-20949 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | ||||
| CVE-2018-20952 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
| cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). | ||||