CVEdetails.com the ultimate security vulnerability data source

Cpanel : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
251 CVE-2016-10842 20 2019-08-01 2019-08-12
4.0
None Remote Low Single system Partial None None
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
252 CVE-2016-10841 199 2019-08-01 2019-08-08
2.1
None Remote High Single system Partial None None
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
253 CVE-2016-10840 668 Exec Code 2019-08-01 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
254 CVE-2016-10839 89 Sql 2019-08-01 2019-08-13
5.5
None Remote Low Single system Partial Partial None
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
255 CVE-2016-10838 284 2019-08-01 2019-08-13
6.8
None Remote Low Single system Complete None None
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
256 CVE-2016-10837 426 Exec Code 2019-08-01 2019-08-08
8.5
None Remote Medium Single system Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
257 CVE-2016-10836 287 2019-08-01 2019-08-13
4.0
None Remote Low Single system Partial None None
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
258 CVE-2016-10835 287 Bypass 2019-08-01 2019-08-12
4.0
None Remote Low Single system Partial None None
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
259 CVE-2016-10834 358 Bypass 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
260 CVE-2016-10833 287 2019-08-01 2019-08-12
5.0
None Remote Low Not required Partial None None
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
261 CVE-2016-10832 287 Bypass 2019-08-01 2019-08-12
4.0
None Remote Low Single system Partial None None
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
262 CVE-2016-10831 287 2019-08-01 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).
263 CVE-2016-10830 284 Bypass 2019-08-01 2019-08-12
5.5
None Remote Low Single system Partial Partial None
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
264 CVE-2016-10829 552 2019-08-01 2019-08-12
6.8
None Remote Low Single system Complete None None
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
265 CVE-2016-10828 22 Exec Code Dir. Trav. 2019-08-01 2019-08-07
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
266 CVE-2016-10827 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
267 CVE-2016-10826 287 Bypass 2019-08-01 2019-08-05
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
268 CVE-2016-10825 358 Bypass 2019-08-01 2019-08-12
5.5
None Remote Low Single system Partial Partial None
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
269 CVE-2016-10824 20 Exec Code 2019-08-01 2019-08-07
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
270 CVE-2016-10823 20 Exec Code 2019-08-01 2019-08-07
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
271 CVE-2016-10822 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium Single system None Partial None
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
272 CVE-2016-10821 255 2019-08-01 2019-08-05
4.0
None Remote Low Single system Partial None None
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
273 CVE-2016-10820 284 2019-08-01 2019-08-05
9.0
None Remote Low Single system Complete Complete Complete
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
274 CVE-2016-10819 532 2019-08-01 2019-08-05
4.0
None Remote Low Single system Partial None None
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
275 CVE-2016-10818 275 2019-08-01 2019-08-05
4.0
None Remote Low Single system Partial None None
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
276 CVE-2016-10817 89 Sql 2019-08-01 2019-08-05
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
277 CVE-2016-10816 20 Exec Code 2019-08-01 2019-08-05
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
278 CVE-2016-10815 200 +Info 2019-08-01 2019-08-05
4.0
None Remote Low Single system Partial None None
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
279 CVE-2016-10814 20 2019-08-01 2019-08-13
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
280 CVE-2016-10813 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium Single system None Partial None
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
281 CVE-2016-10812 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
282 CVE-2016-10811 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
283 CVE-2016-10810 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
284 CVE-2016-10809 200 +Info 2019-08-07 2019-08-09
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
285 CVE-2016-10808 20 2019-08-07 2019-08-12
9.0
None Remote Low Single system Complete Complete Complete
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
286 CVE-2016-10807 20 2019-08-07 2019-08-09
4.0
None Remote Low Single system None None Partial
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
287 CVE-2016-10806 79 XSS 2019-08-07 2019-08-09
3.5
None Remote Medium Single system None Partial None
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
288 CVE-2016-10805 20 Exec Code 2019-08-07 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
289 CVE-2016-10804 20 2019-08-07 2019-08-09
8.7
None Remote Low Single system Complete Complete Partial
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
290 CVE-2016-10803 93 2019-08-07 2019-08-12
5.0
None Remote Low Not required None Partial None
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
291 CVE-2016-10802 284 Exec Code 2019-08-07 2019-08-09
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
292 CVE-2016-10801 74 2019-08-07 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
293 CVE-2016-10800 20 2019-08-07 2019-08-12
6.8
None Remote Medium Not required Partial Partial Partial
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
294 CVE-2016-10799 284 2019-08-07 2019-08-13
2.1
None Local Low Not required None Partial None
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
295 CVE-2016-10798 362 2019-08-07 2019-08-13
4.9
None Remote Medium Single system Partial Partial None
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).
296 CVE-2016-10797 200 +Info 2019-08-06 2019-08-13
4.0
None Remote Low Single system Partial None None
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).
297 CVE-2016-10796 275 2019-08-06 2019-08-13
2.1
None Local Low Not required Partial None None
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
298 CVE-2016-10795 79 XSS 2019-08-06 2019-08-12
4.3
None Remote Medium Not required None Partial None
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
299 CVE-2016-10794 200 +Info 2019-08-06 2019-08-13
4.0
None Remote Low Single system Partial None None
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
300 CVE-2016-10793 20 Exec Code 2019-08-06 2019-08-12
6.5
None Remote Low Single system Partial Partial Partial
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
Total number of vulnerabilities: 369 (page 6 of 8)