CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:cpanel:cpanel:56.0.17:*:*:*:*:*:*:*
Informations
Vendor
cpanelProduct
cpanelVersion
56.0.17Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). | 7.2 |
High |
||
| The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). | 7.2 |
High |
||
| In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). | 7.5 |
High |
||
| In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587). | 8.1 |
High |
||
| cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). | 6.1 |
Medium |
||
| cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). | 7.5 |
High |
||
| cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579). | 7.5 |
High |
||
| cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | 6.1 |
Medium |
||
| cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | 4.1 |
Medium |
||
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | 9.8 |
Critical |
||
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | 7.5 |
High |
||
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | 9.8 |
Critical |
||
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | 9.8 |
Critical |
||
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | 7.5 |
High |
||
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | 7.5 |
High |
||
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | 7.5 |
High |
||
| In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554). | 9.8 |
Critical |
||
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | 7.5 |
High |
||
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | 7.5 |
High |
||
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | 9.8 |
Critical |
||
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | 7.5 |
High |
||
| cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564). | 6.1 |
Medium |
||
| cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566). | 6.1 |
Medium |
||
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. | 7.5 |
High |
||
| cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569). | 6.1 |
Medium |
||
| cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573). | 6.1 |
Medium |
||
| cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574). | 6.1 |
Medium |
||
| cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | 7.2 |
High |
||
| cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | 9.8 |
Critical |
||
| cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528). | 6.1 |
Medium |
||
| cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). | 8.8 |
High |
||
| cPanel before 58.0.4 has improper session handling for shared users (SEC-139). | 8.8 |
High |
||
| cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). | 7.8 |
High |
||
| cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). | 5.5 |
Medium |
||
| cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). | 6.8 |
Medium |
||
| cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). | 4.3 |
Medium |
||
| cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). | 3.3 |
Low |
||
| cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). | 6.1 |
Medium |
||
| cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). | 6.5 |
Medium |
||
| cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). | 8.8 |
High |
||
| cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). | 8.8 |
High |
||
| cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). | 7.5 |
High |
||
| cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). | 8.8 |
High |
||
| cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | 8.8 |
High |
||
| The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | 8.1 |
High |
||
| cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). | 6.5 |
Medium |
||
| cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). | 6.5 |
Medium |
||
| cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). | 5.4 |
Medium |
||
| cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). | 6.5 |
Medium |
||
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | 3.3 |
Low |
||
| cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). | 8.1 |
High |
||
| cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). | 6.5 |
Medium |
||
| cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | 6.1 |
Medium |
||
| cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). | 6.5 |
Medium |
||
| cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). | 5.4 |
Medium |
||
| cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213). | 6.5 |
Medium |
||
| cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211). | 5.4 |
Medium |
||
| cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | 6.5 |
Medium |
||
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | 6.5 |
Medium |
||
| In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207). | 6.5 |
Medium |
||
| In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | 6.5 |
Medium |
||
| Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | 7.5 |
High |
||
| In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | 8.8 |
High |
||
| cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201). | 6.5 |
Medium |
||
| cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199). | 5.4 |
Medium |
||
| cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). | 6.1 |
Medium |
||
| cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). | 5.4 |
Medium |
||
| cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). | 8.8 |
High |
||
| cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). | 6.3 |
Medium |
||
| cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). | 6.3 |
Medium |
||
| cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | 4.3 |
Medium |
||
| cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | 4.4 |
Medium |
||
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | 2.7 |
Low |
||
| cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226). | 4.9 |
Medium |
||
| cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | 7.5 |
High |
||
| cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225). | 7.8 |
High |
||
| cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223). | 4.3 |
Medium |
||
| cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220). | 7.8 |
High |
||
| cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219). | 3.3 |
Low |
||
| cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218). | 4.4 |
Medium |
||
| cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217). | 6.1 |
Medium |
||
| In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208). | 2.7 |
Low |
||
| cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262). | 5.4 |
Medium |
||
| cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260). | 4.9 |
Medium |
||
| cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). | 6.7 |
Medium |
||
| cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257). | 5.3 |
Medium |
||
| cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255). | 4.5 |
Medium |
||
| cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254). | 5.5 |
Medium |
||
| cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252). | 5.3 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251). | 6.3 |
Medium |
||
| cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). | 6.3 |
Medium |
||
| cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | 4.3 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248). | 5.3 |
Medium |
||
| cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | 5.8 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246). | 5.3 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | 5 |
Medium |
||
| cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244). | 4.3 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243). | 6.3 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242). | 6.3 |
Medium |
||
| cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240). | 4.4 |
Medium |
||
| cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239). | 3.5 |
Low |
||
| cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238). | 7.3 |
High |
||
| cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237). | 7.8 |
High |
||
| cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | 8.8 |
High |
||
| In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234). | 7.8 |
High |
||
| In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294). | 4.7 |
Medium |
||
| In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | 3.3 |
Low |
||
| In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). | 2.5 |
Low |
||
| In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289). | 3.3 |
Low |
||
| cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288). | 2.7 |
Low |
||
| In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280). | 2.5 |
Low |
||
| In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273). | 3.3 |
Low |
||
| In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272). | 3.3 |
Low |
||
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269). | 5.4 |
Medium |
||
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266). | 5.4 |
Medium |
||
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265). | 5.4 |
Medium |
||
| cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263). | 5.4 |
Medium |
||
| cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303). | 5.5 |
Medium |
||
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | 7.8 |
High |
||
| cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | 7.4 |
High |
||
| In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299). | 7.8 |
High |
||
| cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296). | 2.5 |
Low |
||
| The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). | 6.8 |
Medium |
||
| In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). | 6.5 |
Medium |
||
| In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). | 6.5 |
Medium |
||
| cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). | 5.4 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372). | 6.1 |
Medium |
||
| cPanel before 70.0.23 allows any user to disable Solr (SEC-371). | 5.5 |
Medium |
||
| cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370). | 5.4 |
Medium |
||
| cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369). | 5.4 |
Medium |
||
| In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368). | 7.3 |
High |
||
| cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364). | 4.9 |
Medium |
||
| cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | 6.3 |
Medium |
||
| cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). | 7.2 |
High |
||
| cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357). | 6.1 |
Medium |
||
| cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421). | 6.1 |
Medium |
||
| cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408). | 5.5 |
Medium |
||
| cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400). | 6.1 |
Medium |
||
| cPanel before 74.0.0 allows SQL injection during database backups (SEC-420). | 9.8 |
Critical |
||
| cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416). | 5.3 |
Medium |
||
| cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367). | 5.4 |
Medium |
||
| cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). | 6.5 |
Medium |
||
| cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446). | 5.4 |
Medium |
||
| cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445). | 3.3 |
Low |
||
| cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). | 6.3 |
Medium |
||
| cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441). | 5.4 |
Medium |
||
| cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437). | 5.4 |
Medium |
||
| cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434). | 5.4 |
Medium |
||
| cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433). | 5.4 |
Medium |
||
| The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). | 5.5 |
Medium |
||
| cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). | 7.8 |
High |
||
| cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). | 7.8 |
High |
||
| cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). | 6.1 |
Medium |
||
| cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). | 6.1 |
Medium |
||
| cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). | 6.1 |
Medium |
||
| cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). | 6.5 |
Medium |
||
| cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). | 9.8 |
Critical |
||
| In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478). | 3.3 |
Low |
||
| cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476). | 4.3 |
Medium |
||
| Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474). | 3.3 |
Low |
||
| cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473). | 5.3 |
Medium |
||
| Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472). | 3.3 |
Low |
||
| cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466). | 5.5 |
Medium |
||
| cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460). | 4.3 |
Medium |
||
| cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415). | 2.7 |
Low |
||
| cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493). | 6.1 |
Medium |
||
| cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487). | 8.8 |
High |
||
| cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). | 5.5 |
Medium |
||
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | 4.3 |
Medium |
||
| cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). | 3.3 |
Low |
||
| cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). | 8.8 |
High |
||
| cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). | 7.8 |
High |
||
| The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). | 7.1 |
High |
||
| cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). | 8.8 |
High |
||
| cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). | 5.3 |
Medium |
||
| API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). | 3.3 |
Low |
||
| cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). | 3.3 |
Low |
||
| cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). | 5.5 |
Medium |
||
| cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). | 5.3 |
Medium |
||
| cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). | 8.8 |
High |
||
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | 6.1 |
Medium |
||
| cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). | 3.3 |
Low |
||
| cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). | 5.4 |
Medium |
||
| cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). | 7.8 |
High |
||
| cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). | 7.5 |
High |
||
| cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). | 6.1 |
Medium |
||
| cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). | 5.4 |
Medium |
||
| cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. | 6.1 |
Medium |
||
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | 6.1 |
Medium |
||
| Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. | 6.8 |
|||
| Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. | 4.3 |
|||
| Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. | 5 |
|||
| cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | 5.1 |
|||
| fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message. | 4 |
|||
| Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter. | 4.3 |
