121 matches found
SUSE CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
CVE-2025-43921
GNU Mailman 2.1.39, as bundled in cPanel and WHM, allows unauthenticated attackers to create lists via the /mailman/create endpoint. NOTE: multiple third parties report that they are unable to reproduce this, regardless of whether cPanel or WHM is used...
The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers targets programming environments such as cPanel & WHM, Plesk, and DirectAdmin, running on Linux operating systems. This vulnerability allows attackers to gain increased privileges.
The vulnerability of the backup and data restoration plugins on Acronis Backup software for computers and servers, as well as for cPanel & WHM, Plesk, and DirectAdmin operating systems on Linux, is related to errors in link processing. Exploiting this vulnerability allows a malicious actor to...
PT-2024-9769 · Directadmin +3 · Directadmin +5
Name of the Vulnerable Software and Affected Versions: Acronis Backup plugin for cPanel & WHM Linux versions before build 818 Acronis Backup extension for Plesk Linux versions before build 599 Acronis Backup plugin for DirectAdmin Linux versions before build 181 Description: The issue is related ...
CVE-2021-38585
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks SEC-585...
Awbs Advanced Webhost Billing System Cross-Site Request Forgery Vulnerability
Awbs Advanced Webhost Billing System is a Php-based web billing management system for managed hosting from Awbs USA. The platform provides web hosting and or domain name registration business services, providing an automated solution for web hosting management. A cross-site request forgery...
CVE-2020-25950
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery CSRF attacks that can delete a contact from the My Additional Contact page...
CVE-2020-25950
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery CSRF attacks that can delete a contact from the My Additional Contact page...
Cross site request forgery (csrf)
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery CSRF attacks that can delete a contact from the My Additional Contact page...
CVE-2020-25950
Vulnerability summary (CVE-2020-25950) : A CSRF flaw in Advanced Webhost Billing System 3.7.0 can delete a contact via the My Added Contact page. The affected component is the web application logic handling contact management; the root cause is insufficient validation of request origin for state-...
CVE-2020-25950
Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery CSRF attacks that can delete a contact from the My Additional Contact page...
Awbs Advanced Webhost Billing System 跨站请求伪造漏洞
Awbs Advanced Webhost Billing System is a Php-based web billing management system for managed hosting from Awbs USA. The platform provides web hosting and or domain name registration business services, providing an automated solution for web hosting management. A cross-site request forgery...
Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery (CSRF)
Exploit Title: Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery CSRF Date: 06/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://www.awbs.com/ Version: 3.7.0 Tested on Windows Steps: 1. Login into the application with the help of email and password. 2. Navigat...
Advanced Webhost Billing System 3.7.0 Cross Site Request Forgery
Exploit Title: Advanced Webhost Billing System 3.7.0 - Cross-Site Request Forgery CSRF Date: 06/01/2021 Exploit Author: Rahul Ramakant Singh Vendor Homepage: https://www.awbs.com/ Version: 3.7.0 Tested on Windows Steps: 1. Login into the application with the help of email and password. 2. Navigat...
webhost-germany.de Improper Access Control vulnerability
Open Bug Bounty ID: OBB-1164563 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
webhost-germany.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1159726 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
Cross site scripting
Cross-site Scripting XSS in cPanel WebHost Manager WHM 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-17380
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface SEC-528...
CVE-2016-10797
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains SEC-133...
cPanel Cross-Site Scripting Vulnerability (CNVD-2019-26358)
cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM listips interface in versions prior to cPanel 68.0.27. The...