) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:11.48.0.8:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-18415 |
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). Published: August 02, 2019; 10:15:13 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2017-18414 |
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). Published: August 02, 2019; 10:15:13 AM -0400 |
V4.0:(not available) V3.0: 7.4 HIGH V2.0: 5.8 MEDIUM |
| CVE-2016-10818 |
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). Published: August 01, 2019; 3:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10849 |
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10848 |
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10847 |
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
| CVE-2016-10846 |
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 8.5 HIGH |
| CVE-2016-10845 |
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 6.5 MEDIUM |
| CVE-2016-10844 |
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77). Published: August 01, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10843 |
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
| CVE-2016-10842 |
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2016-10841 |
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 2.1 LOW |
| CVE-2016-10840 |
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 9.0 HIGH |
| CVE-2016-10839 |
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
| CVE-2016-10838 |
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
| CVE-2016-10837 |
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46). Published: August 01, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 8.5 HIGH |
| CVE-2018-20923 |
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20922 |
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20921 |
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20920 |
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374). Published: August 01, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |