cPanel Security Vulnerabilities

CVE-2017-18442

cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).

5.3 CVSS

5.6 AI Score

0.001 EPSS

2019-08-02 05:15 PM
24

CVE-2017-18443

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).

5.8 CVSS

5.6 AI Score

0.001 EPSS

2019-08-02 05:15 PM
31

CVE-2017-18444

cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).

5.3 CVSS

5.6 AI Score

0.001 EPSS

2019-08-02 05:15 PM
24

CVE-2017-18445

cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).

4.3 CVSS

4.8 AI Score

0.001 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18446

cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).

6.3 CVSS

6.4 AI Score

0.001 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18447

cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).

6.3 CVSS

6.5 AI Score

0.001 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18448

cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).

5.3 CVSS

5.3 AI Score

0.001 EPSS

2019-08-02 05:15 PM
23

CVE-2017-18449

cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).

5.5 CVSS

5.5 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
19

CVE-2017-18450

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).

4.5 CVSS

4.8 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18451

cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).

5.3 CVSS

5.2 AI Score

0.001 EPSS

2019-08-02 05:15 PM
20

CVE-2017-18452

cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).

6.7 CVSS

6.9 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18453

cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).

4.9 CVSS

5.2 AI Score

0.001 EPSS

2019-08-02 05:15 PM
24

CVE-2017-18454

cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).

5.4 CVSS

5.2 AI Score

0.001 EPSS

2019-08-02 05:15 PM
20

CVE-2017-18455

In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).

2.7 CVSS

4.2 AI Score

0.001 EPSS

2019-08-02 05:15 PM
27

CVE-2017-18456

cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).

6.1 CVSS

5.9 AI Score

0.001 EPSS

2019-08-02 05:15 PM
27

CVE-2017-18457

cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).

4.4 CVSS

4.9 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
20

CVE-2017-18458

cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).

3.3 CVSS

4.3 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
19

CVE-2017-18459

cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
21

CVE-2017-18460

cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).

7.8 CVSS

7.9 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
28

CVE-2017-18461

cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223).

4.3 CVSS

4.8 AI Score

0.001 EPSS

2019-08-02 05:15 PM
22

CVE-2017-18462

cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).

7.5 CVSS

7.5 AI Score

0.001 EPSS

2019-08-05 12:15 PM
22

CVE-2017-18463

cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).

7.8 CVSS

7.8 AI Score

0.0004 EPSS

2019-08-02 05:15 PM
24

CVE-2017-18464

cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).

4.9 CVSS

5.3 AI Score

0.001 EPSS

2019-08-05 12:15 PM
20

CVE-2017-18465

cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).

4.4 CVSS

4.8 AI Score

0.0004 EPSS

2019-08-05 12:15 PM
22

CVE-2017-18466

cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).

2.7 CVSS

4.1 AI Score

0.001 EPSS

2019-08-05 12:15 PM
30

CVE-2017-18467

cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).

4.3 CVSS

4.6 AI Score

0.001 EPSS

2019-08-05 12:15 PM
20

CVE-2017-18468

cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).

6.3 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 12:15 PM
643

CVE-2017-18469

cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).

6.3 CVSS

6.6 AI Score

0.001 EPSS

2019-08-05 01:15 PM
26

CVE-2017-18470

cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).

8.8 CVSS

8.7 AI Score

0.001 EPSS

2019-08-05 01:15 PM
32

CVE-2017-18471

cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).

5.4 CVSS

5.2 AI Score

0.001 EPSS

2019-08-05 01:15 PM
19

CVE-2017-18472

cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).

6.1 CVSS

6 AI Score

0.001 EPSS

2019-08-05 01:15 PM
21

CVE-2017-18473

cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).

5.4 CVSS

5.3 AI Score

0.001 EPSS

2019-08-05 01:15 PM
24

CVE-2017-18474

cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
24

CVE-2017-18475

In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).

8.8 CVSS

8.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
28

CVE-2017-18476

Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).

7.5 CVSS

7.5 AI Score

0.002 EPSS

2019-08-05 01:15 PM
36

CVE-2017-18477

In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
31

CVE-2017-18478

In cPanel before 62.0.4, incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
23

CVE-2017-18479

In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
18

CVE-2017-18480

cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-08-05 01:15 PM
27

CVE-2017-18481

cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).

5.4 CVSS

5.2 AI Score

0.001 EPSS

2019-08-05 01:15 PM
28

CVE-2017-18482

cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).

6.5 CVSS

6.4 AI Score

0.001 EPSS

2019-08-05 01:15 PM
25

CVE-2017-5613

Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.

7.8 CVSS

7.1 AI Score

0.018 EPSS

2017-03-03 03:59 PM
37

CVE-2017-5614

Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.

6.1 CVSS

6.1 AI Score

0.002 EPSS

2017-03-03 03:59 PM
33

CVE-2017-5615

cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.

6.1 CVSS

6.1 AI Score

0.001 EPSS

2017-03-03 03:59 PM
24

CVE-2017-5616

Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.

6.1 CVSS

5.9 AI Score

0.001 EPSS

2017-03-03 03:59 PM
39

CVE-2018-16236

cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.

6.1 CVSS

5.8 AI Score

0.001 EPSS

2018-08-30 10:29 PM
17

CVE-2018-20862

cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2019-07-30 03:15 PM
23

CVE-2018-20863

cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).

9.8 CVSS

9.7 AI Score

0.007 EPSS

2019-07-30 03:15 PM
22

CVE-2018-20864

cPanel before 76.0.8 allows a persistent Virtual FTP account after removal of its associated domain (SEC-454).

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-07-30 03:15 PM
20

CVE-2018-20865

cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).

6.1 CVSS

6 AI Score

0.001 EPSS

2019-07-30 03:15 PM
20
Total number of security vulnerabilities: 424