) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:11.51.9999.128:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-14394 |
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-14393 |
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
| CVE-2018-20870 |
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467). Published: July 30, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2018-20869 |
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
| CVE-2018-20868 |
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20866 |
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20865 |
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20864 |
cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
| CVE-2018-20863 |
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2018-20862 |
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366). Published: July 30, 2019; 11:15:10 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
| CVE-2019-14392 |
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501). Published: July 30, 2019; 10:15:15 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-20867 |
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). Published: July 30, 2019; 10:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2019-14391 |
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
| CVE-2019-14390 |
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-14389 |
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 2.1 LOW |
| CVE-2019-14388 |
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-14387 |
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14386 |
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504). Published: July 30, 2019; 9:15:18 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-16236 |
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering. Published: August 30, 2018; 6:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2008-6927 |
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. Published: August 10, 2009; 4:30:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |