3954 matches found
CVE-2023-29489
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31...
CVE-2022-48623
The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service...
CVE-2021-38588
In cPanel before 96.0.13, fixcpanelperl lacks verification of the integrity of downloads (SEC-587)...
CVE-2021-38586
In cPanel before 98.0.1, /scripts/cpanconfig performs unsafe operations on files (SEC-589)...
CVE-2021-38585
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)...
CVE-2021-38584
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2021-38589
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)...
CVE-2021-26266
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)...
CVE-2021-26267
cPanel before 92.0.9 allows a MySQL user who has an old-style password hash to bypass suspension (SEC-579)...
CVE-2021-38587
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)...
CVE-2020-26099
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491)...
CVE-2020-26110
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564)...
CVE-2020-26111
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566)...
CVE-2020-26107
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)...
CVE-2020-26112
The email quota cache in cPanel before 90.0.10 allows overwriting of files...
CVE-2020-26114
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573)...
CVE-2020-26113
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569)...
CVE-2020-26098
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485)...
CVE-2020-10118
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)...