In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).

In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).

cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).

cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).

cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious request to certain parts of the web management interface. To send the malicious request, the attacker needs a valid login session in the web management interface as a privilege level 15 user. Depending on the configuration of the affected switch, the malicious request must be sent via HTTP or HTTPS. A successful exploit could allow the attacker to execute arbitrary shell commands with the privileges of the root user.

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user.

cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).

cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).

cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).

The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).

Firefly III 4.7.17.3 is vulnerable to local file enumeration. An attacker can enumerate local files due to the lack of protocol scheme sanitization, such as for file:/// URLs. This is related to fints_url to import/job/configuration, and import/create/fints.

cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).

In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).

cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).

cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).

cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).

cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).