CVEdetails.com the ultimate security vulnerability data source

Cpanel » Cpanel » 55.9999.162 : Security Vulnerabilities

CPE Name: cpe:/a:cpanel:cpanel:55.9999.162
| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2016-10767 | 79 | | XSS | 2019-08-05 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). |
| 2 | CVE-2016-10768 | 20 | | | 2019-08-05 | 2019-08-08 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). |
| 3 | CVE-2016-10769 | 601 | | | 2019-08-05 | 2019-08-08 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None | cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). |
| 4 | CVE-2016-10770 | 20 | | | 2019-08-05 | 2019-08-09 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial | cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). |
| 5 | CVE-2016-10771 | 20 | | | 2019-08-05 | 2019-08-09 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). |
| 6 | CVE-2016-10772 | 254 | | | 2019-08-05 | 2019-08-09 | 2.1 | None | Local | Low | Not required | None | Partial | None | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). |
| 7 | CVE-2016-10775 | 20 | | | 2019-08-05 | 2019-08-12 | 6.8 | None | Remote | Low | Single system | Complete | None | None | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). |
| 8 | CVE-2016-10776 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174). |
| 9 | CVE-2016-10777 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177). |
| 10 | CVE-2016-10778 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178). |
| 11 | CVE-2016-10779 | 79 | | XSS | 2019-08-06 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179). |
| 12 | CVE-2016-10780 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180). |
| 13 | CVE-2016-10781 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180). |
| 14 | CVE-2016-10782 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181). |
| 15 | CVE-2016-10783 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182). |
| 16 | CVE-2016-10784 | 79 | | XSS | 2019-08-06 | 2019-08-08 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184). |
| 17 | CVE-2016-10785 | 200 | | +Info | 2019-08-06 | 2019-08-08 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). |
| 18 | CVE-2016-10786 | 200 | | +Info | 2019-08-06 | 2019-08-09 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186). |
| 19 | CVE-2016-10787 | 20 | | | 2019-08-06 | 2019-08-09 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None | The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). |
| 20 | CVE-2016-10788 | 20 | | Exec Code | 2019-08-06 | 2019-08-09 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). |
| 21 | CVE-2016-10789 | 20 | | Exec Code | 2019-08-06 | 2019-08-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191). |
| 22 | CVE-2016-10790 | 200 | | +Info | 2019-08-06 | 2019-08-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None | cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192). |
| 23 | CVE-2016-10792 | 284 | | Exec Code | 2019-08-06 | 2019-08-13 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141). |
| 24 | CVE-2016-10793 | 20 | | Exec Code | 2019-08-06 | 2019-08-12 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152). |
| 25 | CVE-2016-10794 | 200 | | +Info | 2019-08-06 | 2019-08-13 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154). |
| 26 | CVE-2016-10795 | 79 | | XSS | 2019-08-06 | 2019-08-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156). |
| 27 | CVE-2016-10796 | 275 | | | 2019-08-06 | 2019-08-13 | 2.1 | None | Local | Low | Not required | Partial | None | None | cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130). |
| 28 | CVE-2016-10797 | 200 | | +Info | 2019-08-06 | 2019-08-13 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). |
| 29 | CVE-2016-10798 | 362 | | | 2019-08-07 | 2019-08-13 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None | cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). |
| 30 | CVE-2016-10799 | 284 | | | 2019-08-07 | 2019-08-13 | 2.1 | None | Local | Low | Not required | None | Partial | None | cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137). |
| 31 | CVE-2016-10800 | 20 | | | 2019-08-07 | 2019-08-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138). |
| 32 | CVE-2016-10801 | 74 | | | 2019-08-07 | 2019-08-12 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 58.0.4 has improper session handling for shared users (SEC-139). |
| 33 | CVE-2016-10802 | 284 | | Exec Code | 2019-08-07 | 2019-08-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142). |
| 34 | CVE-2016-10804 | 20 | | | 2019-08-07 | 2019-08-09 | 8.7 | None | Remote | Low | Single system | Complete | Complete | Partial | The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58). |
| 35 | CVE-2016-10805 | 20 | | Exec Code | 2019-08-07 | 2019-08-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). |
| 36 | CVE-2016-10806 | 79 | | XSS | 2019-08-07 | 2019-08-09 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110). |
| 37 | CVE-2016-10807 | 20 | | | 2019-08-07 | 2019-08-09 | 4.0 | None | Remote | Low | Single system | None | None | Partial | cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). |
| 38 | CVE-2016-10808 | 20 | | | 2019-08-07 | 2019-08-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). |
| 39 | CVE-2016-10809 | 200 | | +Info | 2019-08-07 | 2019-08-09 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). |
| 40 | CVE-2016-10810 | 200 | | +Info | 2019-08-07 | 2019-08-09 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). |
| 41 | CVE-2016-10811 | 200 | | +Info | 2019-08-07 | 2019-08-09 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). |
| 42 | CVE-2016-10812 | 20 | | | 2019-08-07 | 2019-08-12 | 9.0 | None | Remote | Low | Single system | Complete | Complete | Complete | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). |
| 43 | CVE-2016-10813 | 79 | | XSS | 2019-08-01 | 2019-08-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118). |
| 44 | CVE-2016-10814 | 20 | | | 2019-08-01 | 2019-08-13 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial | cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). |
| 45 | CVE-2016-10815 | 200 | | +Info | 2019-08-01 | 2019-08-05 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120). |
| 46 | CVE-2016-10818 | 275 | | | 2019-08-01 | 2019-08-05 | 4.0 | None | Remote | Low | Single system | Partial | None | None | cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). |
| 47 | CVE-2017-18408 | 79 | | XSS | 2019-08-02 | 2019-08-12 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282). |
| 48 | CVE-2017-18409 | 20 | | | 2019-08-02 | 2019-08-12 | 4.0 | None | Remote | Low | Single system | Partial | None | None | In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283). |
| 49 | CVE-2017-18410 | 20 | | | 2019-08-02 | 2019-08-12 | 4.0 | None | Remote | Low | Single system | Partial | None | None | In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284). |
| 50 | CVE-2017-18411 | 20 | | | 2019-08-02 | 2019-08-12 | 4.0 | None | Remote | Low | Single system | Partial | None | None | The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285). |
Total number of vulnerabilities: 177 (page 1 of 4)