39 matches found
EUVD-2016-1843
Malware in sbrugna...
EUVD-2008-2068
Malware in sbrugna...
CVE-2020-29135
cPanel before 90.0.17 has multiple instances of URL parameter injection SEC-567...
CVE-2019-14395
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log SEC-494...
CVE-2018-20862
cPanel before 76.0.8 unsafely performs PostgreSQL password changes SEC-366...
CVE-2018-20897
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system SEC-395...
CVE-2017-18390
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups SEC-322...
CVE-2017-18427
In cPanel before 66.0.2, weak log-file permissions can occur after account modification SEC-289...
CVE-2019-14398
Summary (CVE-2019-14398) : cPanel prior to 80.0.5 contains an input validation/command-execution vulnerability in the ajax_maketext_syntax_util.pl component (SEC-498), enabling demo accounts to execute arbitrary code. The issue is exposed over network (no user interaction required) and has a high...
cpanelXSS.txt
Title: cPanel Multiple Cross Site Scripting Author: Simo Ben youssef aka 6mOHaCk Discovered: 22 january 2005 Published: 02 february 2006 MorX Security Research Team http://www.morx.org Service: Web Hosting Manager Vendor: cPanel Vulnerability: Cross Site Scripting / Cookie-Theft / Relogin attacks...
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/16482/info cPanel is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues ...
CVE-2004-1875
Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to testfile.html, 2 file parameter to erredit.html, 3 dns parameter to dnslook.html, 4 account parameter to ignorelist.html, 5 account...
CVE-2004-1849
Multiple cross-site scripting XSS vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 email parameter to dodelautores.html or 2 handle parameter to addhandle.html...
More Cpanel Vuls (cross site scripting)
Advisory Name: More Cpanel Vuls cross site scripting Discovered by: Fable Greets: 0x29A Crew, !AM Crew, Atomix, d3thstar, mgrd, rootthief.com. Version Tested On: cPanel Build 9.1.0-STABLE 93 Most likely effects more Description cPanel & WebHost Manager WHM is a next generation web hosting control...
cPanel <= 9.1.0 Multiple Vulnerabilities
The version of cPanel installed on the remote host is version 9.1.0 or earlier and thus reportedly affected by multiple issues: - The dohtaccess.html script fails to sanitize input supplied by a user and is affected by a cross-site scripting vulnerability. CVE-2004-2308 - Both the Login Page and...
cPanel 56 Formail-Clone - E-Mail Restriction Bypass
cPanel 56 Formail-Clone - E-Mail Restriction Bypass source: https://www.securityfocus.com/bid/7758/info It has been reported that cPanel is prone to an issue where a remote attacker may bypass cPanel Formail-clone local domain checks and have untrusted e-mail delivered in the context of the...
cPanel guestbook.cgi template Parameter Arbitrary Command Execution
The version of cPanel running on the remote host does not properly filter input to the 'template' parameter of '/guestbook.cgi'. This could allow a remote attacker to execute arbitrary commands with the privileges of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. untested...
cPanel 5.0 - 'Guestbook.cgi' Remote Command Execution (4)
source: https://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attacker may exploit this vulnerability ...
Cpanel 5 and below remote command execution and local root vulnerabilities
Products: Cpanel 5 and below http://www.cpanel.net Date: 19th February 2003 Author: pokleyzz pokleyzzatscan-associates.net Contributors: sk skatscan-associates.net shaharil shaharilatscan-associates.net Special thanks: Skywizard skywizardatmybsd.org.my Description =========== Cpanel is web hostin...