Search Results
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-18472 | cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18471 | cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-18470 | cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 8.8 HIGH V2.0: 4.0 MEDIUM |
CVE-2017-18469 | cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2016-10775 | cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 6.8 MEDIUM |
CVE-2016-10774 | cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10773 | cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-10772 | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2016-10771 | cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.5 MEDIUM |
CVE-2016-10770 | cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2016-10769 | cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-10768 | cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 6.5 MEDIUM V2.0: 5.5 MEDIUM |
CVE-2016-10767 | cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159). Published: August 05, 2019; 9:15:11 AM -0400 | V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-14663 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code. Published: August 05, 2019; 8:15:12 AM -0400 | V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14662 | Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code. Published: August 05, 2019; 8:15:12 AM -0400 | V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14525 | In Octopus Deploy 2019.4.0 through 2019.6.x before 2019.6.6, and 2019.7.x before 2019.7.6, an authenticated system administrator is able to view sensitive values by visiting a server configuration page or making an API call. Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 4.9 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2019-14521 | The api/admin/logoupload Logo File upload feature in EMCA Energy Logserver 6.1.2 allows attackers to send any kind of file to any location on the server via path traversal in the filename parameter. Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-18468 | cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2017-18467 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-18466 | cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). Published: August 05, 2019; 8:15:11 AM -0400 | V4.0:(not available) V3.0: 2.7 LOW V2.0: 4.0 MEDIUM |