CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Cpanel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2018-20938 284 2019-08-01 2019-08-09
4.0
None Remote Low Single system None Partial None
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
52 CVE-2018-20937 287 2019-08-01 2019-08-12
4.0
None Remote Low Single system None Partial None
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
53 CVE-2018-20936 320 2019-08-01 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
54 CVE-2018-20935 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
55 CVE-2018-20934 358 2019-08-01 2019-08-12
6.4
None Remote Low Not required None Partial Partial
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
56 CVE-2018-20933 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
57 CVE-2018-20932 538 2019-08-01 2019-08-12
4.0
None Remote Low Single system Partial None None
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
58 CVE-2018-20931 94 Exec Code 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
59 CVE-2018-20930 284 Bypass 2019-08-01 2019-08-12
6.4
None Remote Low Not required Partial Partial None
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
60 CVE-2018-20929 601 2019-08-01 2019-08-08
5.8
None Remote Medium Not required Partial Partial None
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
61 CVE-2018-20928 79 XSS 2019-08-01 2019-08-08
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
62 CVE-2018-20927 285 2019-08-01 2019-08-12
2.1
None Local Low Not required Partial None None
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
63 CVE-2018-20926 264 2019-08-01 2019-08-12
7.2
None Local Low Not required Complete Complete Complete
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
64 CVE-2018-20925 434 2019-08-01 2019-08-12
4.6
None Local Low Not required Partial Partial Partial
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
65 CVE-2018-20924 287 2019-08-01 2019-08-08
7.5
None Remote Low Single system Complete Partial None
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
66 CVE-2018-20923 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
67 CVE-2018-20922 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
68 CVE-2018-20921 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
69 CVE-2018-20920 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
70 CVE-2018-20919 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
71 CVE-2018-20918 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
72 CVE-2018-20917 20 2019-08-01 2019-08-01
2.1
None Local Low Not required None None Partial
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
73 CVE-2018-20916 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
74 CVE-2018-20915 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium Single system None Partial None
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
75 CVE-2018-20914 74 2019-08-01 2019-08-02
4.9
None Remote Medium Single system Partial Partial None
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
76 CVE-2018-20913 200 +Info 2019-08-01 2019-08-02
3.5
None Remote Medium Single system Partial None None
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
77 CVE-2018-20912 20 Exec Code 2019-08-01 2019-08-02
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
78 CVE-2018-20911 79 Exec Code XSS 2019-08-01 2019-08-02
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
79 CVE-2018-20910 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
80 CVE-2018-20909 254 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
81 CVE-2018-20908 254 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
82 CVE-2018-20907 254 2019-08-01 2019-08-07
4.0
None Remote Low Single system None Partial None
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
83 CVE-2018-20906 254 Bypass 2019-08-01 2019-08-07
4.0
None Remote Low Single system None Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
84 CVE-2018-20905 254 Bypass 2019-08-01 2019-08-07
5.5
None Remote Low Single system Partial Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
85 CVE-2018-20904 254 Bypass 2019-08-01 2019-08-07
4.0
None Remote Low Single system None Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).
86 CVE-2018-20903 79 XSS 2019-08-01 2019-08-02
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
87 CVE-2018-20902 200 +Info 2019-08-01 2019-08-02
2.1
None Local Low Not required Partial None None
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
88 CVE-2018-20901 79 XSS 2019-08-01 2019-08-02
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
89 CVE-2018-20900 79 XSS 2019-08-01 2019-08-05
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
90 CVE-2018-20899 79 XSS 2019-08-01 2019-08-08
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
91 CVE-2018-20898 74 2019-08-01 2019-08-12
4.0
None Remote Low Single system None Partial None
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
92 CVE-2018-20897 20 2019-08-01 2019-08-08
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
93 CVE-2018-20896 94 2019-08-01 2019-08-07
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
94 CVE-2018-20895 20 2019-08-01 2019-08-07
6.5
None Remote Low Single system Partial Partial Partial
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
95 CVE-2018-20894 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
96 CVE-2018-20893 20 2019-08-01 2019-08-06
2.1
None Local Low Not required None Partial None
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
97 CVE-2018-20892 19 2019-08-01 2019-08-08
4.0
None Remote Low Single system None Partial None
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
98 CVE-2018-20891 20 2019-08-01 2019-08-06
4.9
None Local Low Not required Complete None None
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
99 CVE-2018-20890 284 2019-08-01 2019-08-08
4.0
None Remote Low Single system None Partial None
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
100 CVE-2018-20889 200 +Info 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
Total number of vulnerabilities : 369   Page : 1 2 (This Page)3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.