23 matches found
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CVE-2026-54420
The CVE-2026-54420 entry concerns LiteSpeed cPanel plugin versions prior to 2.4.8 (as packaged in LiteSpeed WHM Plugin prior to 5.3.2.0). The root cause is mishandling of user-provided symlinks on shared hosting environments running CloudLinux/CageFS, allowing abuse through FTP or web shell acces...
EUVD-2026-36657
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CVE-2026-54420
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
PT-2026-49104
LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command Vulnerability
CloudLinux CageFS versions 7.0.8-2 and below insufficiently restrict file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment. CloudLinux CageFS Insufficiently Restricted Proxy Command Link:...
CloudLinux CageFS 7.0.8-2 Insufficiently Restricted Proxy Command
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Insufficiently Restricted Proxy Command Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02CloudLinuxCageFSInsufficientlyRestrictedProxyCommands Vulnerability Overview CloudLinux CageFS 7.0.8-2 or...
CloudLinux CageFS 7.1.1-1 Token Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CloudLinux CageFS Token Disclosure Link: https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-01CloudLinuxCageFSTokenDisclosure Vulnerability Overview CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a...
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...
Command injection
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files outside the CageFS environment in a limited way...
CVE-2020-36771
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...
CVE-2020-36771
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...
Authentication flaw
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as command line argument. In some configurations this allows local users to view it via the process list and gain code execution as another user...
CVE-2020-36772
CloudLinux CageFS CVE-2020-36772 affects CageFS 7.0.8-2 and earlier, where file paths given to the sendmail proxy command are not sufficiently restricted. This enables local users to read/write arbitrary files outside the CageFS environment. The vulnerability is triggered by insufficient path val...
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...
CVE-2020-36772
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment...
CVE-2020-36771
CloudLinux CageFS vulnerability CVE-2020-36771 affects CageFS 7.1.1-1 and earlier: the authentication token is passed as a command line argument, which can allow a local user to view the token via the process list and gain code execution as another user. Affected versions: 7.1.1-1 and below. Root...
CVE-2020-36771
CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list and gain code execution as another user...
CloudLinux CageFS Security Vulnerability
CloudLinux CageFS is a virtualized file system and set of tools from CloudLinux. A security vulnerability exists in CloudLinux CageFS version 7.0.8-2 and prior versions. An attacker could exploit the vulnerability to read and write arbitrary files outside of the CageFS environment in a limited wa...