756 matches found
CVE-2016-10794
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error SEC-154...
CVE-2016-10839
cPanel before 11.54.0.4 allows SQL injection in bin/hordeupdateusernames SEC-71...
CVE-2016-10822
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images SEC-88...
CVE-2016-10840
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication SEC-72...
CVE-2016-10826
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests SEC-93...
CVE-2016-10781
cPanel before 60.0.25 allows self XSS in the UIconfirm API SEC-180...
CVE-2016-10808
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs SEC-113...
CVE-2016-10853
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface SEC-86...
CVE-2016-10817
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file SEC-123...
CVE-2016-10835
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging SEC-107...
CVE-2016-10798
cPanel before 58.0.4 allows a file-ownership change to nobody via rearrangeacct SEC-134...
CVE-2016-10800
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls SEC-138...
CVE-2016-10789
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler SEC-191...
CVE-2016-10783
cPanel before 60.0.25 allows self stored XSS in SSLlistkeys SEC-182...
CVE-2016-10792
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives SEC-141...
CVE-2016-10837
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path SEC-46...
CVE-2016-10855
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd SEC-91...
CVE-2016-10774
cPanel before 60.0.25 allows self XSS in the tailea4migration.cgi interface SEC-172...
CVE-2016-10819
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd SEC-125...
CVE-2016-10802
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler SEC-142...