EUVD-2016-1777

Malware in sbrugna...

CVE-2016-10782

cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs SEC-181...

CVE-2016-10770

cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update SEC-164...

cPanel Information Disclosure Vulnerability (CNVD-2019-27022)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions of cPanel prior to 60.0.25. The vulnerability stems from an error in t...

cPanel cross-site scripting vulnerability (CNVD-2019-27018)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the UIconfirm API in cPanel versions prior to 60.0.25. The vulnerability stems fro...

cPanel cross-site scripting vulnerability (CNVD-2019-26832)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 60.0.25. The vulnerability stems from a lack of proper...

cPanel cross-site scripting vulnerability (CNVD-2019-28986)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in api1listautoresponders in cPanel versions prior to 60.0.25. The vulnerability stem...

cPanel Information Disclosure Vulnerability (CNVD-2019-28990)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. An encryption issue vulnerability exists in versions of cPanel prior to 60.0.25. The vulnerability stems from a network...

cPanel Input Validation Error Vulnerability (CNVD-2019-27600)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 60.0.25. The vulnerability can be exploited by an attacker to execute...

cPanel cross-site scripting vulnerability (CNVD-2019-30472)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the tailea4migration.cgi interface in cPanel versions prior to 60.0.25. T...

cPanel Input Validation Error Vulnerability (CNVD-2019-27604)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 60.0.25. An attacker can exploit the vulnerability to arbitrarily...

cPanel Input Validation Error Vulnerability (CNVD-2019-29626)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 60.0.25. An attacker could exploit the vulnerability to...

cPanel Security Feature Issue Vulnerability (CNVD-2019-29623)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in cPanel versions prior to 60.0.25 that stems from the program not enforcing feature list...

CVE-2016-10783

cPanel before 60.0.25 allows self stored XSS in SSLlistkeys SEC-182...

Design/Logic Flaw

cPanel before 60.0.25 allows self XSS in the alias upload interface SEC-184...

Code injection

cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin SEC-188...

CVE-2016-10786

The CVE-2016-10786 entry affects cPanel before 60.0.25, where members of the nobody group can read Apache HTTP Server SSL private keys (information disclosure). Root cause is insufficient access control permitting read access to SSL keys by unauthorized system users. Red Hat and CNVD entries corr...

Cross site scripting

cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface SEC-159...

Format string

cPanel before 60.0.25 allows format-string injection in exception-message handling SEC-171...

CVE-2016-10775

CVE-2016-10775 affects cPanel prior to 60.0.25. The vulnerability allows arbitrary file ownership changes via reassign_post_terminate_cruft (SEC-173), with impact described as high confidentiality risk and no reported impact to availability. Public details across sources consistently identify the...