Cpanel Security Vulnerabilities

CVE-2016-10836

cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav...

CVE-2016-10842

cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl...

CVE-2018-20933

cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action...

CVE-2016-10837

cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path...

CVE-2016-10846

cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions...

CVE-2016-10844

The chcpass script in cPanel before 11.54.0.4 reveals a password hash...

CVE-2018-20934

cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts...

CVE-2016-10840

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication...

CVE-2016-10843

cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API...

CVE-2016-10847

cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath...

CVE-2016-10841

The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes...

CVE-2016-10849

cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit...

CVE-2018-20935

cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action...

CVE-2016-10839

cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames...

CVE-2016-10838

cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script...

CVE-2016-10845

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable...

CVE-2016-10848

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck...

CVE-2018-20925

cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface...

CVE-2018-20927

cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing...

CVE-2018-20929

cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint...

CVE-2018-20931

cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page...

CVE-2018-20926

cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface...

CVE-2018-20930

cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled...

CVE-2018-20932

cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains...

CVE-2018-20904

cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction...

CVE-2018-20915

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action...

CVE-2018-20917

cPanel before 70.0.23 allows any user to disable Solr...

CVE-2018-20923

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action...

CVE-2016-10854

cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface...

CVE-2016-10859

cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands...

CVE-2016-10858

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning...

CVE-2016-10856

cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds...

CVE-2016-10860

cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API...

CVE-2018-20918

cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster...

CVE-2018-20921

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action...

CVE-2018-20916

cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry...

CVE-2018-20922

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action...

CVE-2018-20903

cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface...

CVE-2018-20908

cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling...

CVE-2018-20905

cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction...

CVE-2018-20907

cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction...

CVE-2018-20913

cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi...

CVE-2018-20912

cPanel before 70.0.23 allows demo accounts to execute code via awstats...

CVE-2018-20911

cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup...

CVE-2018-20919

cPanel before 70.0.23 allows stored XSS via a WHM Create Account action...

CVE-2016-10855

cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd...

CVE-2015-9291

cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications...

CVE-2018-20901

cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface...

CVE-2018-20906

cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction...

CVE-2018-20910

cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface...