3954 matches found
CVE-2018-20938
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls SEC-324...
CVE-2018-20869
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin SEC-465...
CVE-2016-10823
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation SEC-89...
CVE-2016-10841
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes SEC-73...
CVE-2016-10842
cPanel before 11.54.0.4 allows certain file-read operations in bin/setupglobalspamfilter.pl SEC-74...
CVE-2016-10851
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface SEC-84...
CVE-2016-10787
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries SEC-187...
CVE-2017-18436
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call SEC-239...
CVE-2019-14394
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetchsslcertificatesforfqdns API SEC-489...
CVE-2018-20886
cPanel before 74.0.0 insecurely stores phpMyAdmin session files SEC-418...
CVE-2018-20864
cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain SEC-454...
CVE-2018-20921
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action SEC-375...
CVE-2018-20879
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API SEC-444...
CVE-2018-20926
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface SEC-380...
CVE-2018-20906
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction SEC-430...
CVE-2018-20888
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication SEC-424...
CVE-2018-20889
cPanel before 74.0.0 allows certain file-read operations via password file caching SEC-425...
CVE-2018-20887
cPanel before 74.0.0 allows SQL injection during database backups SEC-420...
CVE-2018-20904
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction SEC-427...
CVE-2018-20902
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation SEC-408...