cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
Max CVSS
5.8
EPSS Score
0.08%
Published
2019-08-02
Updated
2019-08-12
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
Max CVSS
5.8
EPSS Score
0.08%
Published
2019-08-02
Updated
2019-08-08
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
Max CVSS
5.6
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-08
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
Max CVSS
5.5
EPSS Score
0.05%
Published
2004-10-18
Updated
2024-01-26
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-07
Updated
2019-08-13
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-02
Updated
2019-08-06
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-02
Updated
2019-08-13
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-08-02
Updated
2019-08-13
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-02
Updated
2019-08-12
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-02
Updated
2019-08-12
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-02
Updated
2019-08-08
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-08-05
Updated
2019-08-12
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-07-30
Updated
2019-07-31
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-07
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-06
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-02
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-08-01
Updated
2020-08-24
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2020-08-24
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-01
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-08-01
Updated
2019-08-08
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-07-30
Updated
2021-07-21
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-07-30
Updated
2021-07-21
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-07-30
Updated
2021-07-21
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
Max CVSS
5.5
EPSS Score
0.05%
Published
2020-03-16
Updated
2020-08-24
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
Max CVSS
5.5
EPSS Score
0.04%
Published
2020-03-17
Updated
2020-03-19
90 vulnerabilities found