757 matches found
CVE-2017-18422
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions SEC-272...
CVE-2017-18440
cPanel before 64.0.21 allows demo users to execute traceroute via api2 SEC-244...
CVE-2017-18404
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD SEC-341...
CVE-2017-18385
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores SEC-311...
CVE-2017-18448
cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call SEC-252...
CVE-2017-18451
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade SEC-257...
CVE-2017-18439
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManagerdimensions API call SEC-243...
CVE-2017-18415
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering SEC-302...
CVE-2017-18442
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands SEC-246...
CVE-2017-18433
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a storefilter API call SEC-236...
CVE-2017-18387
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload SEC-314...
CVE-2017-18477
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account SEC-206...
CVE-2017-18396
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases SEC-329...
CVE-2017-18402
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade SEC-336...
CVE-2017-18446
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API SEC-250...
CVE-2017-18464
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor SEC-226...
CVE-2017-18473
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page SEC-199...
CVE-2017-18437
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders SEC-240...
CVE-2017-18419
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation SEC-266...
CVE-2017-18443
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding SEC-247...