U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpanel
  • Search Type: Search All
There are 432 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2017-18411

The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 6.8 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-18410

In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-18409

In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-18408

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18407

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 4.8 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2017-18406

cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-18405

cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-18404

cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 3.1 LOW
V2.0: 4.9 MEDIUM
CVE-2017-18403

cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).

Published: August 02, 2019; 10:15:13 AM -0400
V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2017-18402

cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-18401

cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 3.7 LOW
V2.0: 4.3 MEDIUM
CVE-2017-18398

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 3.8 LOW
V2.0: 5.5 MEDIUM
CVE-2017-18397

cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2017-18396

cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2017-18395

cPanel before 68.0.15 does not block a username of ssl (SEC-328).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2017-18394

cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2017-18393

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 2.7 LOW
V2.0: 4.0 MEDIUM
CVE-2017-18392

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).

Published: August 02, 2019; 10:15:12 AM -0400
V3.0: 2.0 LOW
V2.0: 2.1 LOW