) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:76.0.18:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-14404 |
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2019-14403 |
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14402 |
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-14401 |
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-14400 |
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2019-14399 |
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.1 HIGH V2.0: 6.1 MEDIUM |
| CVE-2019-14398 |
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-14397 |
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2019-14396 |
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-14395 |
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-14394 |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-14393 |
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
| CVE-2019-14392 |
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Published: July 30, 2019; 10:15:15 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-14391 |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-14390 |
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-14389 |
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
| CVE-2019-14388 |
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-14387 |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14386 |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2008-6927 |
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. Published: August 10, 2009; 4:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |