Filtered by vendor Cpanel
Subscriptions
Total
426 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-18454 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | ||||
CVE-2017-18456 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | ||||
CVE-2017-18459 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | ||||
CVE-2017-18469 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | ||||
CVE-2017-18478 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | ||||
CVE-2017-18433 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | ||||
CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | ||||
CVE-2017-18439 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | ||||
CVE-2017-18449 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | ||||
CVE-2017-18437 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | ||||
CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2024-08-05 | 3.3 Low |
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | ||||
CVE-2017-18442 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | ||||
CVE-2017-18435 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | ||||
CVE-2017-18450 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | ||||
CVE-2017-18453 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | ||||
CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | ||||
CVE-2017-18444 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | ||||
CVE-2017-18424 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274). | ||||
CVE-2017-18426 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | ||||
CVE-2017-18440 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). |