Search Results
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10842 | cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). Published: August 01, 2019; 12:15:12 PM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-20917 | cPanel before 70.0.23 allows any user to disable Solr (SEC-371). Published: August 01, 2019; 11:15:14 AM -0400 | V4.0: (not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-20912 | cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). Published: August 01, 2019; 11:15:13 AM -0400 | V4.0: (not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2016-10858 | cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64). Published: August 01, 2019; 11:15:12 AM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 9.3 HIGH |
CVE-2016-10855 | cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91). Published: August 01, 2019; 11:15:12 AM -0400 | V4.0: (not available) V3.0: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2016-10850 | cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). Published: August 01, 2019; 11:15:12 AM -0400 | V4.0: (not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
CVE-2018-20897 | cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). Published: August 01, 2019; 10:15:12 AM -0400 | V4.0: (not available) V3.0: 2.8 LOW V2.0: 3.3 LOW |
CVE-2018-20895 | In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). Published: August 01, 2019; 10:15:12 AM -0400 | V4.0: (not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-20893 | cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442). Published: August 01, 2019; 10:15:12 AM -0400 | V4.0: (not available) V3.0: 2.3 LOW V2.0: 2.1 LOW |
CVE-2018-20891 | cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). Published: August 01, 2019; 10:15:12 AM -0400 | V4.0: (not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2015-7559 | It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. Published: August 01, 2019; 10:15:10 AM -0400 | V4.0: (not available) V3.1: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2018-20883 | cPanel before 74.0.8 allows FTP access during account suspension (SEC-449). Published: August 01, 2019; 9:15:13 AM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-20882 | cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). Published: August 01, 2019; 9:15:12 AM -0400 | V4.0: (not available) V3.0: 6.8 MEDIUM V2.0: 6.6 MEDIUM |
CVE-2018-20879 | cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444). Published: August 01, 2019; 9:15:12 AM -0400 | V4.0: (not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2018-20873 | cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). Published: August 01, 2019; 9:15:12 AM -0400 | V4.0: (not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2007-6763 | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. Published: July 31, 2019; 2:15:10 PM -0400 | V4.0: (not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-20861 | libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. Published: July 30, 2019; 3:15:13 PM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20860 | libopenmpt before 0.3.13 allows a crash with malformed MED files. Published: July 30, 2019; 3:15:13 PM -0400 | V4.0: (not available) V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20869 | cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). Published: July 30, 2019; 11:15:10 AM -0400 | V4.0: (not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-20864 | cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454). Published: July 30, 2019; 11:15:10 AM -0400 | V4.0: (not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |