cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.43%
Published: 2020-09-25
Updated: 2020-09-29
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.31%
Published: 2020-09-25
Updated: 2021-07-21
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.31%
Published: 2020-09-25
Updated: 2021-07-21
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.22%
Published: 2020-09-25
Updated: 2020-09-29
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.89%
Published: 2020-09-25
Updated: 2020-09-29
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.36%
Published: 2020-03-17
Updated: 2020-03-19
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.60%
Published: 2020-03-17
Updated: 2021-07-21
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 1.36%
Published: 2020-03-17
Updated: 2020-03-19
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
Source: MITRE
Max CVSS: 9.1
EPSS Score: 0.17%
Published: 2020-03-17
Updated: 2020-03-19
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
Source: MITRE
Max CVSS: 9.1
EPSS Score: 0.17%
Published: 2020-03-17
Updated: 2021-07-21
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.11%
Published: 2020-03-17
Updated: 2021-07-21
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.19%
Published: 2020-03-17
Updated: 2020-08-24
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.14%
Published: 2019-08-01
Updated: 2019-08-01
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.68%
Published: 2019-07-30
Updated: 2019-07-31
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.09%
Published: 2019-08-02
Updated: 2019-08-09
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.11%
Published: 2019-08-02
Updated: 2019-08-12
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.11%
Published: 2019-08-02
Updated: 2019-08-06
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.48%
Published: 2019-08-01
Updated: 2019-08-09
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
Source: MITRE
Max CVSS: 10.0
EPSS Score: 0.48%
Published: 2019-08-01
Updated: 2019-08-06
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.10%
Published: 2019-08-01
Updated: 2019-08-06
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.10%
Published: 2019-08-01
Updated: 2019-08-08
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.11%
Published: 2019-08-01
Updated: 2019-08-12
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.09%
Published: 2019-08-01
Updated: 2019-08-07
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
Source: MITRE
Max CVSS: 9.8
EPSS Score: 0.48%
Published: 2019-08-01
Updated: 2019-08-07
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
Source: MITRE
Max CVSS: 9.0
EPSS Score: 0.10%
Published: 2019-08-01
Updated: 2019-08-07
38 vulnerabilities found