EUVD-2019-11036

Malware in sbrugna...

Unspecified vulnerability in cPanel (CNVD-2021-37215)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 82.0.18. The vulnerability can be exploited by an attacker to...

cPanel WebDAV Authentication Bypass Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. A WebDAV authentication bypass vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from incorrect connection sharing logic. An attacker can exploit this vulnerability to achieve WebDAV...

cPanel Authentication Bypass Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. An authentication bypass vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from improper parsing of the password file format. An attacker can exploit this vulnerability to achieve...

cPanel Arbitrary Database Read Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. An arbitrary database read vulnerability exists in cPanel versions prior to 82.0.18. An attacker can exploit this vulnerability to read arbitrary databases via a MySQL dump stream...

cPanel Deactivation Restriction Bypass Vulnerability

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A security vulnerability exists in versions of cPanel prior to 82.0.18. An attacker could exploit the vulnerability to bypass...

cPanel cross-site scripting vulnerability (CNVD-2020-19891)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability stems from a lack of proper...

cPanel Stored Cross-Site Scripting Vulnerability

cPanel is a set of Web-based host control management system of the U.S. cPanel. A stored cross-site scripting vulnerability exists in cPanel versions prior to 82.0.18. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via a WHM backup restore...

CVE-2019-20496

cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing SEC-532...

CVE-2019-20493

cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled SEC-520...

CVE-2019-20492

cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file SEC-516...

CVE-2019-20490

cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently SEC-499...

Design/Logic Flaw

cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file SEC-516...

CVE-2019-20494

In cPanel before 82.0.18, the RNG function Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). Affected product: cPanel (web hosting control panel). Vulnerable component: Cpanel::Rand::Get. Root cause: RNG predictability leads to low-entropy sequences. Impact: potential infor...

CVE-2019-20491

cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions SEC-508...