Filtered by vendor Cpanel
Subscriptions
Filtered by product Cpanel
Subscriptions
Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20922 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | ||||
CVE-2018-20879 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | ||||
CVE-2018-20930 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | ||||
CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | ||||
CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | ||||
CVE-2018-20883 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | ||||
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | ||||
CVE-2018-20862 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | ||||
CVE-2018-20887 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | ||||
CVE-2018-20926 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | ||||
CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | ||||
CVE-2018-20920 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | ||||
CVE-2018-20910 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | ||||
CVE-2018-20881 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | ||||
CVE-2018-20932 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | ||||
CVE-2018-20885 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | ||||
CVE-2018-20870 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | ||||
CVE-2018-20923 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | ||||
CVE-2018-20928 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | ||||
CVE-2018-20874 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428). |