cPanel Input Validation Error Vulnerability (CNVD-2019-26363)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.18. The vulnerability stems from a web-based...

cPanel input validation error (CNVD-2019-26362)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.18. The vulnerability stems from a web-based...

cPanel Input Validation Error Vulnerability (CNVD-2019-26511)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in versions of cPanel prior to 78.0.18, which can be exploited by an attacker to...

cPanel Information Disclosure Vulnerability (CNVD-2019-25328)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An information disclosure vulnerability exists in versions of cPanel prior to 78.0.18. The vulnerability stems from an error in t...

cPanel cross-site scripting vulnerability (CNVD-2019-25327)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 78.0.18. The vulnerability stems from a lack of proper...

cPanel Privilege Permission and Access Control Issues Vulnerability

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A privilege permission and access control issue vulnerability exists in versions prior to cPanel 78.0.18, which can be exploited ...

CVE-2019-14405

cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg SEC-487...

CVE-2019-14404

cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtualuserspam router SEC-484...

CVE-2019-14401

cPanel before 78.0.18 allows code execution via an addforward API1 call SEC-480...

CVE-2019-14403

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing SEC-483...

CVE-2019-14399

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account SEC-477...

Design/Logic Flaw

The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account SEC-477...

Cross site scripting

cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing SEC-493...

Design/Logic Flaw

cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing SEC-483...

CVE-2019-14404

CVE-2019-14404 affects cPanel prior to 78.0.18, permitting certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484). Impact is information disclosure; no exploit details provided beyond this. Remediation: upgrade to cPanel 78.0.18 or later (p...

CVE-2019-14400

CVE-2019-14400 affects cPanel prior to 78.0.18. The vulnerability arises from userdata cache misparsing (SEC-479) and allows a local attacker to escalate privileges to root. The impact is described as complete confidentiality, integrity, and availability compromise for the affected host. Remediat...