cPanel 91.9999.79

CPE Details

cPanel 91.9999.79
cpanel
cpanel
91.9999.79
2021-02-01
17h45 +00:00
2021-02-01
17h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cpanel:cpanel:91.9999.79:*:*:*:*:*:*:*

Informations

Vendor

cpanel

Product

cpanel

Version

91.9999.79

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-38584 2021-08-11 20h56 +00:00 The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
7.2
High
CVE-2021-38585 2021-08-11 20h55 +00:00 The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
7.2
High
CVE-2021-38587 2021-08-11 20h55 +00:00 In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
7.5
High
CVE-2021-38588 2021-08-11 20h55 +00:00 In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
8.1
High
CVE-2021-31803 2021-04-26 05h30 +00:00 cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
6.1
Medium
CVE-2021-26266 2021-01-26 02h35 +00:00 cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
7.5
High
CVE-2021-26267 2021-01-26 02h35 +00:00 cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
7.5
High
CVE-2008-6926 2009-08-10 18h00 +00:00 Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
6.8
CVE-2008-6927 2009-08-10 18h00 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
4.3
CVE-2009-2275 2009-07-01 10h26 +00:00 Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
5
CVE-2006-2825 2006-06-05 15h00 +00:00 cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
5.1
CVE-2006-1119 2006-03-09 19h00 +00:00 fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
4
CVE-2006-0763 2006-02-18 01h00 +00:00 Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
4.3
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.