11645 matches found
CVE-2017-18424
CVE-2017-18424 affects cPanel prior to 66.0.2. When the Apache HTTP Server configuration is rebuilt, the configuration file can become world-readable, exposing potentially sensitive configuration data. Root cause described as an issue in the rebuild process (SEC-274). Red Hat/CNVD/CVE records con...
Design/Logic Flaw
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename SEC-296...
CVE-2017-18412
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename SEC-296...
CVE-2017-18412
CVE-2017-18412 affects cPanel before 67.9999.103, where mishandling during an account rename allows Apache HTTP Server log files to become world-readable (information disclosure). Root cause: improper access control on log files. Impact is limited to partial confidentiality breach as described; n...
CVE-2018-20932
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains SEC-406...
CVE-2018-20932
CVE-2018-20932 affects cPanel before 70.0.23. The issue arises when certain domains are created, causing exposure of Apache HTTP Server logs and resulting in potential information disclosure. The primary reference is SEC-406. Exploitation status and concrete fixes are not provided in the connecte...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
Command injection
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2018-20885
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation SEC-416...
CVE-2018-20885
CVE-2018-20885 affects cPanel prior to 74.0.0 and is caused by Apache HTTP Server configuration injection due to DocumentRoot variable interpolation (SEC-416). The available documents identify the affected product version and the vulnerability class but do not provide details on exploitation atte...
CentOS Update for httpd CESA-2019:1898 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
CentOS Errata and Security Advisory CESA-2019:1898 An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
GHSA-J657-59RV-QWM6 Cross-Site Scripting in min-http-server
All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available, conside...
Cross-Site Scripting in min-http-server
All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available, conside...
min-http-server cross-site scripting vulnerability
min-http-server is a lightweight http static resource server . A cross-site scripting vulnerability exists in min-http-server all versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...
CVE-2019-5457
Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
CVE-2019-5457
Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
Cross site scripting
Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
CVE-2019-5457
Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
CVE-2019-5457
CVE-2019-5457 concerns a cross-site scripting (XSS) vulnerability in min-http-server (all versions). The root cause is failure to sanitize filenames in directory listings, allowing an attacker with access to the server file system to inject malicious characters into filenames and have JavaScript ...