Cpanel Security Vulnerabilities

CVE-2017-18392

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).

CVE-2017-18393

cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).

CVE-2017-18394

cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).

CVE-2017-18395

cPanel before 68.0.15 does not block a username of ssl (SEC-328).

CVE-2017-18396

cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).

CVE-2017-18397

cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).

CVE-2017-18398

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).

CVE-2017-18399

cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).

CVE-2017-18400

cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).

CVE-2017-18401

cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).

CVE-2017-18402

cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).

CVE-2017-18403

cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).

CVE-2017-18404

cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).

CVE-2017-18405

cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).

CVE-2017-18406

cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).

CVE-2017-18407

cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).

CVE-2017-18408

cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).

CVE-2017-18409

In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).

CVE-2017-18410

In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).

CVE-2017-18411

The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).

CVE-2017-18412

cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).

CVE-2017-18413

In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).

CVE-2017-18414

cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).

CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).

CVE-2017-18416

cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).

CVE-2017-18417

cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).

CVE-2017-18419

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).

CVE-2017-18420

cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).

CVE-2017-18421

cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).

CVE-2017-18422

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).

CVE-2017-18423

In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).

CVE-2017-18424

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).

CVE-2017-18425

In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).

CVE-2017-18426

cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).

CVE-2017-18427

In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).

CVE-2017-18428

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

CVE-2017-18429

In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).

CVE-2017-18430

In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).

CVE-2017-18431

cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).

CVE-2017-18432

In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).

CVE-2017-18433

cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).

CVE-2017-18434

cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).

CVE-2017-18435

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

CVE-2017-18436

cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).

CVE-2017-18437

cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).

CVE-2017-18438

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

CVE-2017-18439

cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).

CVE-2017-18440

cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).

CVE-2017-18441

cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).