cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call...
CVSS: 3.5, AI Score: 4.1, EPSS: 0.0004
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands...
CVSS: 5.3, AI Score: 5.6, EPSS: 0.001
CVSS: 5.3, AI Score: 5.6, EPSS: 0.001
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding...
CVSS: 5.8, AI Score: 5.6, EPSS: 0.001
CVSS: 4.3, AI Score: 4.9, EPSS: 0.001
CVSS: 5, AI Score: 5.2, EPSS: 0.001
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API...
CVSS: 6.3, AI Score: 6.4, EPSS: 0.001
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API...
CVSS: 6.3, AI Score: 6.5, EPSS: 0.001
CVSS: 4.4, AI Score: 5.1, EPSS: 0.0004
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call...
CVSS: 6.3, AI Score: 6.6, EPSS: 0.001
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API...
CVSS: 7.3, AI Score: 7.3, EPSS: 0.001
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions...
CVSS: 3.3, AI Score: 4.3, EPSS: 0.0004
CVSS: 3.3, AI Score: 4.3, EPSS: 0.0004
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing...
CVSS: 2.5, AI Score: 4.2, EPSS: 0.0004
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination...
CVSS: 3.3, AI Score: 4.3, EPSS: 0.0004
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft...
CVSS: 4.7, AI Score: 4.8, EPSS: 0.001
CVSS: 2.7, AI Score: 4, EPSS: 0.001
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call...
CVSS: 8.8, AI Score: 8.8, EPSS: 0.001
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password...
CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call...
CVSS: 7.8, AI Score: 7.8, EPSS: 0.0004
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt...
CVSS: 3.3, AI Score: 4.2, EPSS: 0.0004
In cPanel before 66.0.2, weak log-file permissions can occur after account modification...
CVSS: 3.3, AI Score: 4.3, EPSS: 0.0004
CVSS: 3.3, AI Score: 4.2, EPSS: 0.0004
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions...
CVSS: 2.5, AI Score: 4.2, EPSS: 0.0004
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts...
CVSS: 7.5, AI Score: 7.5, EPSS: 0.001
CVSS: 5.4, AI Score: 5.2, EPSS: 0.001
CVSS: 5.4, AI Score: 5.2, EPSS: 0.001
CVSS: 5.4, AI Score: 5.2, EPSS: 0.001
CVSS: 5.4, AI Score: 5.2, EPSS: 0.001
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives...
CVSS: 6.3, AI Score: 6.7, EPSS: 0.001
CVSS: 7.5, AI Score: 8, EPSS: 0.001
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears...
CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004
CVSS: 7.4, AI Score: 7.4, EPSS: 0.001
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD...
CVSS: 3.1, AI Score: 4.2, EPSS: 0.001
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces...
CVSS: 5.4, AI Score: 5.1, EPSS: 0.001
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases...
CVSS: 6.5, AI Score: 6.4, EPSS: 0.001
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server...
CVSS: 6.5, AI Score: 6.4, EPSS: 0.001
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download...
CVSS: 4.8, AI Score: 5.2, EPSS: 0.001
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic...
CVSS: 5.5, AI Score: 5.6, EPSS: 0.0004
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering...
CVSS: 7.8, AI Score: 7.8, EPSS: 0.0004
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update...
CVSS: 5.5, AI Score: 5.6, EPSS: 0.0004
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account...
CVSS: 6.8, AI Score: 6.5, EPSS: 0.001
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename...
CVSS: 2.5, AI Score: 4.1, EPSS: 0.0004
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts...
CVSS: 2, AI Score: 4.2, EPSS: 0.001
CVSS: 2.7, AI Score: 4.2, EPSS: 0.001
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases...
CVSS: 5.5, AI Score: 5.6, EPSS: 0.0004
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains...
CVSS: 3.8, AI Score: 4.5, EPSS: 0.001
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer...
CVSS: 3.7, AI Score: 4.3, EPSS: 0.001
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail...
CVSS: 2.7, AI Score: 4.2, EPSS: 0.001
CVSS: 2.7, AI Score: 4.2, EPSS: 0.001