Filtered by vendor Cpanel
Subscriptions
Filtered by product Cpanel
Subscriptions
Total
417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | ||||
CVE-2017-18433 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | ||||
CVE-2017-18439 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | ||||
CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | ||||
CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | ||||
CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | ||||
CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2024-08-05 | 3.3 Low |
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | ||||
CVE-2017-18435 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | ||||
CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | ||||
CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | ||||
CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | ||||
CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | ||||
CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | ||||
CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | ||||
CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | ||||
CVE-2017-18407 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279). | ||||
CVE-2017-18416 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | ||||
CVE-2017-18417 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | ||||
CVE-2017-18421 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271). | ||||
CVE-2017-18423 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). |