Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:cpanel:cpanel:66.0.13:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-18386 |
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). Published: August 02, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 9.0 HIGH |
CVE-2017-18385 |
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311). Published: August 02, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2017-18384 |
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310). Published: August 02, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 3.8 LOW V2.0: 2.1 LOW |
CVE-2017-18383 |
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309). Published: August 02, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2017-18382 |
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). Published: August 02, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |
CVE-2018-20953 |
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20952 |
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2018-20951 |
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20950 |
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20949 |
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20948 |
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). Published: August 01, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-20947 |
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2018-20946 |
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20945 |
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.7 MEDIUM V2.0: 7.9 HIGH |
CVE-2018-20944 |
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20943 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2018-20942 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 2.5 LOW V2.0: 1.9 LOW |
CVE-2018-20940 |
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20939 |
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2018-20937 |
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). Published: August 01, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |