Cpanel Security Vulnerabilities

CVE-2017-18436

cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call...

CVE-2017-18442

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands...

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands...

CVE-2017-18443

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding...

CVE-2017-18440

cPanel before 64.0.21 allows demo users to execute traceroute via api2...

CVE-2017-18441

cPanel before 64.0.21 allows demo accounts to redirect web traffic...

CVE-2017-18446

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API...

CVE-2017-18447

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API...

CVE-2017-18437

cPanel before 64.0.21 allows a Webmail account to execute code via forwarders...

CVE-2017-18439

cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call...

CVE-2017-18435

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API...

CVE-2017-18422

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions...

CVE-2017-18423

In cPanel before 66.0.2, domain log files become readable after log processing...

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing...

CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination...

CVE-2017-18430

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft...

CVE-2017-18426

cPanel before 66.0.2 allows resellers to read other accounts' domain log files...

CVE-2017-18433

cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call...

CVE-2017-18432

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password...

CVE-2017-18434

cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call...

CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt...

CVE-2017-18427

In cPanel before 66.0.2, weak log-file permissions can occur after account modification...

CVE-2017-18421

cPanel before 66.0.2 allows demo accounts to create databases and users...

CVE-2017-18425

In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions...

CVE-2017-18431

cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts...

CVE-2017-18419

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation...

CVE-2017-18417

cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation...

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations...

CVE-2017-18420

cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing...

CVE-2017-18403

cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives...

CVE-2017-18406

cPanel before 67.9999.103 allows SQL injection during eximstats processing...

CVE-2017-18413

In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears...

CVE-2017-18414

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html...

CVE-2017-18404

cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD...

CVE-2017-18408

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces...

CVE-2017-18409

In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases...

CVE-2017-18410

In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server...

CVE-2017-18407

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download...

CVE-2017-18405

cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic...

CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering...

CVE-2017-18416

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update...

CVE-2017-18411

The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account...

CVE-2017-18412

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename...

CVE-2017-18392

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts...

CVE-2017-18394

cPanel before 68.0.15 does not have a sufficient list of reserved usernames...

CVE-2017-18396

cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases...

CVE-2017-18398

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains...

CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer...

CVE-2017-18393

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail...

CVE-2017-18395

cPanel before 68.0.15 does not block a username of ssl...