20 matches found
EUVD-2017-9548
Malware in sbrugna...
cPanel Code Execution Vulnerability (CNVD-2019-26340)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A code execution vulnerability exists in versions of cPanel prior to 64.0.21. An attacker can exploit the vulnerability to execut...
cPanel Information Disclosure Vulnerability (CNVD-2019-26337)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 64.0.21. An attacker can exploit the vulnerability to disclose...
cPanel Code Execution Vulnerability (CNVD-2019-26336)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A code execution vulnerability exists in versions of cPanel prior to 64.0.21. An attacker exploited the vulnerability to execute...
cPanel Path Traversal Vulnerability
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A path traversal vulnerability exists in versions of cPanel prior to 64.0.21. The vulnerability stems from a failure of a network...
cPanel Code Execution Vulnerability (CNVD-2019-26345)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 64.0.21. The vulnerability can be exploited by an attacker to...
cPanel Code Execution Vulnerability (CNVD-2019-26342)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 64.0.21. The vulnerability can be exploited by an attacker to...
cPanel Information Disclosure Vulnerability (CNVD-2019-26344)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions prior to cPanel 64.0.21. The vulnerability can be exploited by an...
cPanel Input Validation Error Vulnerability (CNVD-2019-26343)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 64.0.21. The vulnerability stems from a web-based...
cPanel Code Execution Vulnerability (CNVD-2019-26334)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 64.0.21. An attacker can exploit the vulnerability to execute code...
CVE-2017-18453
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260)...
CVE-2017-18447
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScannergetsocket API (SEC-251)...
Code injection
cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call (SEC-252)...
CVE-2017-18446
CVE-2017-18446 affects cPanel prior to 64.0.21. The issue allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250). The Red Hat/CNVD/EUVD/ENISA entries corroborate the core description. Impact as stated is potential access to restricted files and modificati...
CVE-2017-18445
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249)...
CVE-2017-18443
CVE-2017-18443 affects cPanel prior to 64.0.21. The issue allows demo and suspended accounts to use SSH port forwarding, indicating a flaw in access control around SSH features (SEC-247). The documented remediation is to upgrade to version 64.0.21 or later. The connected sources confirm the descr...
CVE-2017-18442
CVE-2017-18442: Affected software is cPanel prior to 64.0.21. The issue allows demo accounts to trigger Cpanel::SPFUI API commands (SEC-246), implying limited privilege elevation within the control panel API. The description and connected documents do not provide additional exploitation details ...
CVE-2017-18434
cPanel before 64.0.21 allows code execution in the context of the root account via a SETVHOSTLANGPACKAGE multilang adminbin call (SEC-237)...
CVE-2017-18436
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239)...
CVE-2017-18433
CVE-2017-18433 affects cPanel prior to version 64.0.21. The vulnerability allows code execution via the store_filter API call initiated by webmail and demo accounts (SEC-236). Multiple sources (Red Hat, CNVD, NVD, CVE registry) corroborate that the flaw exists in older cPanel builds; no public ex...