cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).

cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).

cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).

cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).

cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).

cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).

cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).

The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).

cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).

The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).