Vulnerabilities related to cpanel - cpanel
Vulnerability from fkie_nvd
Published
2006-02-07 18:06
Modified
2024-11-21 00:06
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "matchCriteriaId": "D0F23C1C-4F4E-4BFA-8FF2-51BF76EAE0C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type." } ], "id": "CVE-2006-0574", "lastModified": "2024-11-21T00:06:46.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-07T18:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18695" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015589" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22940" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/424148/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/18695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22940" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/424148/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0433" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7408F14F-6D46-411A-B62A-08F632537813", "versionEndExcluding": "66.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite un ataque de tipo XSS almacenado durante el procesamiento de cPAddons de WHM (SEC-269)." } ], "id": "CVE-2017-18420", "lastModified": "2024-11-21T03:20:04.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:11.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF36B181-4DE9-4D36-AC5D-31B2F4E6F2D7", "versionEndExcluding": "11.52.6.2", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "315E7D30-1B7E-43A2-A405-FAED84DEA24C", "versionEndExcluding": "11.54.0.26", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, no establece el directorio tmp de Pear durante una instalaci\u00f3n de PHP (SEC-137)." 
} ], "id": "CVE-2016-10799", "lastModified": "2024-11-21T02:44:46.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
| nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, el archivo /scripts/unsuspendacct expuso los TTY (SEC-116)." 
} ], "id": "CVE-2016-10811", "lastModified": "2024-11-21T02:44:48.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:13.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 88.0.3, es usado un secreto SRS no seguro en una VM con plantilla (SEC-552)" } ], "id": "CVE-2020-26104", "lastModified": "2024-11-21T05:19:14.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.083", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-922" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, no reconoce la propiedad del dominio apropiadamente durante la adici\u00f3n de dominios aparcados en una configuraci\u00f3n de correo (SEC-228)." 
} ], "id": "CVE-2017-18466", "lastModified": "2024-11-21T03:20:11.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.583", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-10-18 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "AFF1B164-A4F9-4291-B25E-1FDFCE0A4E78", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled." } ], "id": "CVE-2004-1603", "lastModified": "2024-11-20T23:51:18.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2004-10-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811572123753\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811654104208\u0026w=2" }, { "source": "cve@mitre.org", "tags": 
[ "Broken Link", "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12865" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11449" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11455" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811572123753\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811654104208\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Exploit", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11455" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
| nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite un ataque de tipo XSS propio en Spamd Startup Config de WHM. (SEC-387)." 
} ], "id": "CVE-2018-20951", "lastModified": "2024-11-21T04:02:32.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DBE994D-E107-4384-98AC-FE42A4BEBE68", "versionEndExcluding": "11.52.6.6", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF87F9-CFA5-4942-B62E-A0C032D86510", "versionEndExcluding": "11.54.0.29", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5A07E2-FF68-4F7B-AE0B-EA7BB2710D32", "versionEndExcluding": "56.0.34", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0244CA83-34E0-435A-94AA-3D84151A4CD0", "versionEndExcluding": "58.0.29", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC3C7FC-99F6-4307-BE35-08C4E2ABBA2E", "versionEndExcluding": "59.9999.145", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 59.9999.145, permite la ejecuci\u00f3n de c\u00f3digo arbitrario debido a un #! incorrecto en scripts Mail::SPF (SEC-152)." 
} ], "id": "CVE-2016-10793", "lastModified": "2024-11-21T02:44:45.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-27 21:15
Modified
2024-11-21 07:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27895D75-07E6-4ED2-BEFE-9718E7418CB0", "versionEndExcluding": "11.102.0.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "03CD2A77-1A0B-49EB-9C36-A38B57162FA4", "versionEndExcluding": "11.106.0.18", "versionStartIncluding": "11.104.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F193C33-6199-4643-A657-38D4C583250F", "versionEndExcluding": "11.108.0.13", "versionStartIncluding": "11.108.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAABB8A0-5588-4443-8505-7D0A3C16E979", "versionEndExcluding": "11.109.9999.116", "versionStartIncluding": "11.109.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31." 
} ], "id": "CVE-2023-29489", "lastModified": "2024-11-21T07:57:09.780", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-27T21:15:10.783", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite un ataque de tipo auto XSS en la pantalla de cambio de contrase\u00f1a de paper_lantern (SEC-197)." 
} ], "id": "CVE-2017-18471", "lastModified": "2024-11-21T03:20:11.857", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS propio en la interfaz Security Questions de WHM (SEC-433)." } ], "id": "CVE-2018-20875", "lastModified": "2024-11-21T04:02:22.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.477", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": 
"https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 14:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DAD1F09-A803-4AB3-9C46-CE4EF9F930F9", "versionEndExcluding": "80.0.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.22, permite una ejecuci\u00f3n de c\u00f3digo remota mediante una cuenta demo debido al env\u00edo incorrecto del URI (SEC-501)." } ], "id": "CVE-2019-14392", "lastModified": "2024-11-21T04:26:39.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T14:15:15.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2015-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9A02AA-A447-4AD5-B6B4-0E0104A8E19D", "versionEndExcluding": "11.50.3.1", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF7E4948-CCFF-459D-8FF6-E385D50A57AD", "versionEndExcluding": "11.52.0.23", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAF88E2-FF31-4FAE-A7F0-EF19973A4413", "versionEndExcluding": "11.52.1.1", "versionStartIncluding": "11.52.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.0, permite una omisi\u00f3n del l\u00edmite de env\u00edo de correo electr\u00f3nico (SEC-60)." 
} ], "id": "CVE-2016-10857", "lastModified": "2024-11-21T02:44:55.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.657", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2015-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-27 02:15
Modified
2024-11-21 05:23
Severity ?
Summary
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B141DB5-B4DF-4DC4-96EE-91EC602EECAA", "versionEndExcluding": "11.86.0.32", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A901C76E-8807-49CA-BCC3-BEF37B76ECC3", "versionEndExcluding": "11.90.0.17", "versionStartIncluding": "11.90.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADD001D3-2FE1-4E42-9D3F-173B08B970B2", "versionEndExcluding": "11.92.0.2", "versionStartIncluding": "11.92.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 90.0.17, el 2FA, puede ser omitido por medio de un enfoque de fuerza bruta (SEC-575)" } ], "id": "CVE-2020-29136", "lastModified": "2024-11-21T05:23:40.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", 
"version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-27T02:15:11.033", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C0F44-05FE-4C26-9CD9-13A5630C8DAB", "versionEndExcluding": "56.0.51", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FCAEC05-C807-4607-A362-6438A069D5C6", "versionEndExcluding": "58.0.52", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB00CEC-8A7C-4A6D-B7F0-44888D0F654A", "versionEndExcluding": "60.0.45", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A61832-3412-4384-B09C-4E559FCC2AC0", "versionEndExcluding": "62.0.27", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AE17BA2-BDD4-42E3-AA74-04B481FAFAB7", "versionEndExcluding": "64.0.33", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1F5D15-72DA-4E1A-8531-E78BA42520EB", "versionEndExcluding": "66.0.2", "versionStartIncluding": "66.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, el archivo cpdavd_error_log puede ser creado con permisos d\u00e9biles (SEC-280)." 
} ], "id": "CVE-2017-18425", "lastModified": "2024-11-21T03:20:05.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.303", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 64.0.21, la conversi\u00f3n Horde de MySQL a SQLite puede filtrar una contrase\u00f1a de base de datos (SEC-234)." 
} ], "id": "CVE-2017-18432", "lastModified": "2024-11-21T03:20:06.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.850", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9A02AA-A447-4AD5-B6B4-0E0104A8E19D", "versionEndExcluding": "11.50.3.1", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF7E4948-CCFF-459D-8FF6-E385D50A57AD", "versionEndExcluding": "11.52.0.23", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAF88E2-FF31-4FAE-A7F0-EF19973A4413", "versionEndExcluding": "11.52.1.1", "versionStartIncluding": "11.52.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.0, permite una modificaci\u00f3n de zona no autorizada por medio de la API de WHM (SEC-66)." 
} ], "id": "CVE-2016-10860", "lastModified": "2024-11-21T02:44:55.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.857", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-03 15:59
Modified
2024-11-21 03:28
Severity ?
Summary
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2017/01/28/8 | Mailing List | |
cve@mitre.org | http://www.securityfocus.com/bid/95870 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2017/01/28/8 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95870 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter." }, { "lang": "es", "value": "Vulnerabilidad de redirecci\u00f3n abierta en cgiemail y cgiecho permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de vectores que involucran el par\u00e1metro (1) success o (2) failure." 
} ], "id": "CVE-2017-5614", "lastModified": "2024-11-21T03:28:00.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-03T15:59:00.960", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95870" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95870" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://news.cpanel.com/tsr-2017-0001-full-disclosure/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity: MEDIUM (NVD CVSS v3.0 base score 6.1; CVSS v2 base score 4.3, MEDIUM)
Summary
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DBE994D-E107-4384-98AC-FE42A4BEBE68", "versionEndExcluding": "11.52.6.6", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF87F9-CFA5-4942-B62E-A0C032D86510", "versionEndExcluding": "11.54.0.29", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5A07E2-FF68-4F7B-AE0B-EA7BB2710D32", "versionEndExcluding": "56.0.34", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0244CA83-34E0-435A-94AA-3D84151A4CD0", "versionEndExcluding": "58.0.29", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC3C7FC-99F6-4307-BE35-08C4E2ABBA2E", "versionEndExcluding": "59.9999.145", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 59.9999.145, permite un ataque de tipo XSS almacenado en la interfaz de tail_upcp2.cgi de WHM (SEC-156)." 
} ], "id": "CVE-2016-10795", "lastModified": "2024-11-21T02:44:46.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity: MEDIUM (NVD CVSS v3.0 base score 6.7; CVSS v2 base score 7.2, HIGH)
Summary
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite la escalada de privilegios locales por medio de la interfaz Locale XML Upload de WHM (SEC-380)." 
} ], "id": "CVE-2018-20926", "lastModified": "2024-11-21T04:02:29.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.553", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity: HIGH (NVD CVSS v3.1 base score 7.5; CVSS v2 base score 5.0, MEDIUM)
Summary
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98E0B897-CD1C-46D1-9F21-FB0FA041E8AA", "versionEndExcluding": "90.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The email quota cache in cPanel before 90.0.10 allows overwriting of files." }, { "lang": "es", "value": "La cach\u00e9 de cuotas de correo electr\u00f3nico en cPanel versiones anteriores a 90.0.10, permite sobrescribir archivos" } ], "id": "CVE-2020-26112", "lastModified": "2024-11-21T05:19:15.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.597", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity: MEDIUM (NVD CVSS v3.0 base score 6.1; CVSS v2 base score 4.3, MEDIUM)
Summary
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite un ataque de tipo XSS propio en la interfaz cPAddons showsecurity de WHM (SEC-217)." 
} ], "id": "CVE-2017-18456", "lastModified": "2024-11-21T03:20:09.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-12 16:20
Modified
2024-11-21 00:46
Severity: MEDIUM (NVD CVSS v2 base score 4.3; no CVSS v3 metric in this record)
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*", "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en la interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos realizar acciones sin autorizaci\u00f3n como administradores cPanel mediante peticiones a cpanel/whm/webmail y otros vectores no especificados." 
} ], "id": "CVE-2008-2071", "lastModified": "2024-11-21T00:46:00.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-12T16:20:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30166" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3866" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29125" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/3866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-11 05:00
Modified
2024-11-20 23:51
Severity: HIGH (NVD CVSS v2 base score 10.0; no CVSS v3 metric in this record)
Summary
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"Allow cPanel users to reset their password via email\" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to 
execute arbitrary code via the user parameter to resetpass." } ], "id": "CVE-2004-1769", "lastModified": "2024-11-20T23:51:42.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107904890724201\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11111" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9848" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15443" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107904890724201\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15443" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity: MEDIUM (NVD CVSS v3.1 base score 5.5; CVSS v2 base score 2.1, LOW)
Summary
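In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). Note: the CPE match data in this record gives the upper bound as versionEndExcluding 11.98.0.8, which does not agree with the 96.0.8 stated here; confirm the fixed version against the vendor change log before relying on either value for version matching.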
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2E33D45-B9A5-49B2-BAFD-BAE3CF40C3DD", "versionEndExcluding": "11.98.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 96.0.8, unos permisos d\u00e9biles en las estad\u00edsticas web pueden conllevar a una divulgaci\u00f3n de informaci\u00f3n (SEC-584)" } ], "id": "CVE-2021-38590", "lastModified": "2024-11-21T06:17:35.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.427", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity: LOW (NVD CVSS v3.0 base score 3.3; CVSS v2 base score 2.1, LOW)
Summary
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 78.0.2, un archivo temporal de la cach\u00e9 de datos de usuario puede entrar en conflicto con los dominios (SEC-478)." } ], "id": "CVE-2019-14414", "lastModified": "2024-11-21T04:26:42.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity: LOW (NVD CVSS v3.0 base score 2.8; CVSS v2 base score 3.3, LOW)
Summary
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite operaciones arbitrarias de desenlace de archivos por medio del sistema de moderaci\u00f3n cPAddons (SEC-395)." 
} ], "id": "CVE-2018-20897", "lastModified": "2024-11-21T04:02:25.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.863", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C0F44-05FE-4C26-9CD9-13A5630C8DAB", "versionEndExcluding": "56.0.51", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FCAEC05-C807-4607-A362-6438A069D5C6", "versionEndExcluding": "58.0.52", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB00CEC-8A7C-4A6D-B7F0-44888D0F654A", "versionEndExcluding": "60.0.45", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A61832-3412-4384-B09C-4E559FCC2AC0", "versionEndExcluding": "62.0.27", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AE17BA2-BDD4-42E3-AA74-04B481FAFAB7", "versionEndExcluding": "64.0.33", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1F5D15-72DA-4E1A-8531-E78BA42520EB", "versionEndExcluding": "66.0.2", "versionStartIncluding": "66.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, la conversi\u00f3n EasyApache 4 establece una propiedad y permisos de domlog d\u00e9biles (SEC-272)." 
} ], "id": "CVE-2017-18422", "lastModified": "2024-11-21T03:20:04.983", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.117", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a un usuario detectar el contenido de directorios (que no son propiedad de dicho usuario) mediante el aprovechamiento de las copias de seguridad (SEC-339)." 
} ], "id": "CVE-2018-20939", "lastModified": "2024-11-21T04:02:31.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, en el archivo /scripts/checkinfopages expuso un TTY en un proceso no privilegiado (SEC-114)." 
} ], "id": "CVE-2016-10809", "lastModified": "2024-11-21T02:44:48.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.903", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2015-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9A02AA-A447-4AD5-B6B4-0E0104A8E19D", "versionEndExcluding": "11.50.3.1", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF7E4948-CCFF-459D-8FF6-E385D50A57AD", "versionEndExcluding": "11.52.0.23", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAF88E2-FF31-4FAE-A7F0-EF19973A4413", "versionEndExcluding": "11.52.1.1", "versionStartIncluding": "11.52.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.0, permite cambios de contrase\u00f1a no autorizados por medio de comandos de la API de Webmail (SEC-65)." 
} ], "id": "CVE-2016-10859", "lastModified": "2024-11-21T02:44:55.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2015-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE91306B-6904-409F-B07B-138F02A33F40", "versionEndExcluding": "56.0.49", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBC7D380-7D81-410E-BCBA-849B43DF3D9B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30C71E1-3637-4822-BB84-7DD3888F30DB", "versionEndExcluding": "60.0.43", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C618804-1CA5-4B06-9707-9B61F8A7F642", "versionEndExcluding": "62.0.24", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7DCF36-29DD-4EBC-8F12-2951DF18FDA8", "versionEndExcluding": "64.0.21", "versionStartIncluding": "64.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a los usuarios demo ejecutar traceroute por medio de la api2 (SEC-244)." 
} ], "id": "CVE-2017-18440", "lastModified": "2024-11-21T03:20:07.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS auto almacenado en SSL_listkeys (SEC-182)." 
} ], "id": "CVE-2016-10783", "lastModified": "2024-11-21T02:44:44.353", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.667", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-11 16:15
Modified
2024-11-21 05:00
Severity ?
Summary
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A5CC2C0-D870-43DD-A1BA-0F583C4F3356", "versionEndExcluding": "11.78.0.47", "versionStartIncluding": "11.78.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6260EEE-B41B-40F4-8737-21EE83B665B1", "versionEndExcluding": "11.84.0.22", "versionStartIncluding": "11.84.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B56BFF5-15A6-4D4C-B4B5-D7F8B9E40378", "versionEndExcluding": "11.86.0.14", "versionStartIncluding": "11.86.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505)." }, { "lang": "es", "value": "cPanel versiones anteriores a 86.0.14, permite a atacantes remotos activar una suspensi\u00f3n del ancho de banda por medio de cadenas de registro de correo (SEC-505)." 
} ], "id": "CVE-2020-12784", "lastModified": "2024-11-21T05:00:17.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-11T16:15:13.193", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, hace que el contenido del sitio web sea accesible para otros usuarios locales por medio de repositorios Git (SEC-443)." } ], "id": "CVE-2018-20894", "lastModified": "2024-11-21T04:02:24.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2019-08-01T14:15:12.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77)." }, { "lang": "es", "value": "El script chcpass en cPanel anterior a versi\u00f3n 11.54.0.4, revela un hash de contrase\u00f1a (SEC-77)." 
} ], "id": "CVE-2016-10844", "lastModified": "2024-11-21T02:44:53.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.007", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS propio en la interfaz de carga de alias (SEC-184)." 
} ], "id": "CVE-2016-10784", "lastModified": "2024-11-21T02:44:44.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-03 18:05
Modified
2024-11-21 00:13
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "171A9543-5405-475E-861C-F04106118417", "versionEndIncluding": "10.8.2_current_118", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados(XSS) en frontend/x/files/select.html en cPanel v10.8.2-CURRENT 118 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro \"file\"." } ], "id": "CVE-2006-3337", "lastModified": "2024-11-21T00:13:23.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2006-07-03T18:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20840" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016383" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/438477/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18655" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2547" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016383" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438477/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18655" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2547" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite operaciones arbitrarias de lectura de archivos y desvinculaci\u00f3n de archivos por medio de cargas de estilo de WHM (SEC-378)." 
} ], "id": "CVE-2018-20924", "lastModified": "2024-11-21T04:02:29.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 7.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B", "versionEndExcluding": "56.0.51", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE", "versionEndExcluding": "58.0.52", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53", "versionEndExcluding": "60.0.45", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931", "versionEndExcluding": "62.0.27", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477", "versionEndExcluding": "64.0.33", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011", "versionEndExcluding": "66.0.2", "versionStartIncluding": "65.9999.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, los registros de dominio SSL del servidor HTTP de Apache pueden persistir sobre el disco despu\u00e9s de la finalizaci\u00f3n de una cuenta (SEC-291)." 
} ], "id": "CVE-2017-18429", "lastModified": "2024-11-21T03:20:05.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a atacantes omitir las restricciones previstas sobre las funcionalidades y cuentas demo por medio de llamadas a la UAPI WebDisk (SEC-541)." } ], "id": "CVE-2020-10116", "lastModified": "2024-11-21T04:54:51.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, 
"impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.720", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3948284A-684D-4B8E-B745-E560BEE97D58", "versionEndExcluding": "70.0.57", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5258B190-67A6-434C-93C1-D2EC122BE75F", "versionEndExcluding": "74.0.8", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite a los usuarios locales deshabilitar el demonio de ClamAV (SEC-409)." } ], "id": "CVE-2018-20873", "lastModified": "2024-11-21T04:02:21.887", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.337", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite una redireccionamiento abierto por medio del endpoint del archivo /unprotected/redirect.html (SEC-392)." 
} ], "id": "CVE-2018-20929", "lastModified": "2024-11-21T04:02:29.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.773", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, permite que las cuentas demo ejecuten c\u00f3digo por medio del archivo securitypolicy.cg (SEC-487)." } ], "id": "CVE-2019-14405", "lastModified": "2024-11-21T04:26:41.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-09 20:02
Modified
2024-11-21 00:08
Severity ?
Summary
Fantastico in cPanel does not properly handle the case in which it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netenberg | fantastico_de_luxe | * | |
cpanel | cpanel | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*", "matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message." } ], "id": "CVE-2006-1119", "lastModified": "2024-11-21T00:08:07.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-09T20:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity ?
Summary
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite cuentas enjauladas para restaurar archivos que est\u00e1n fuera de la jaula (SEC-310)." 
} ], "id": "CVE-2017-18384", "lastModified": "2024-11-21T03:19:59.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity ?
Summary
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, puede realizar operaciones de archivo no seguras debido a que Jailshell no ajusta la umask (SEC-315)." 
} ], "id": "CVE-2017-18388", "lastModified": "2024-11-21T03:19:59.920", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.763", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-08-30 22:29
Modified
2024-11-21 03:52
Severity ?
Summary
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cxsecurity.com/issue/WLB-2018080093 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://cxsecurity.com/issue/WLB-2018080093 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D50A65BE-20D6-4535-AB4D-23773854E6C5", "versionEndIncluding": "74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering." }, { "lang": "es", "value": "cPanel hasta la versi\u00f3n 74 permite Cross-Site Scripting (XSS) mediante un nombre de archivo manipulado en el subdirectorio logs de una cuenta de usuario, debido a que el nombre de archivo se gestiona de manera incorrecta durante el renderizado de frontend/THEME/raw/index.html." } ], "id": "CVE-2018-16236", "lastModified": "2024-11-21T03:52:21.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-08-30T22:29:00.597", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cxsecurity.com/issue/WLB-2018080093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://cxsecurity.com/issue/WLB-2018080093" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354)." }, { "lang": "es", "value": "En el archivo bin/csvprocess en cPanel anterior a versi\u00f3n 68.0.27, permite operaciones de archivos no seguras. (SEC-354)." 
} ], "id": "CVE-2018-20945", "lastModified": "2024-11-21T04:02:31.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.843", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
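cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532). The configuration data in this record marks three release branches as vulnerable, each with its own fixed build (78.0.43, 82.0.18 and 84.0.10), so 84.x builds before 84.0.10 are in the affected range even though they are later than 82.0.18.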
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite a atacantes conducir operaciones chown arbitrarias como root durante el procesamiento de registros (SEC-532)." 
} ], "id": "CVE-2019-20496", "lastModified": "2024-11-21T04:38:37.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98E0B897-CD1C-46D1-9F21-FB0FA041E8AA", "versionEndExcluding": "90.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.10, permite un ataque de tipo auto-XSS por medio de las interfaces WHM Manage API Tokens (SEC-569)" } ], "id": "CVE-2020-26113", "lastModified": "2024-11-21T05:19:15.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.647", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite un ataque de tipo auto XSS en la p\u00e1gina Password and Security de correo web (SEC-199)." 
} ], "id": "CVE-2017-18473", "lastModified": "2024-11-21T03:20:12.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.060", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite operaciones de sobrescritura de archivos arbitrarias en el archivo scripts/quotacheck (SEC-81)." 
} ], "id": "CVE-2016-10848", "lastModified": "2024-11-21T02:44:53.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.273", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de archivos adjuntos de la lista de correos (SEC-452)." } ], "id": "CVE-2018-20863", "lastModified": "2024-11-21T04:02:20.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon configuring crontab (SEC-351)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer el archivo crontab de root durante un intervalo de tiempo corto al configurar crontab (SEC-351)." 
} ], "id": "CVE-2018-20942", "lastModified": "2024-11-21T04:02:31.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.657", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 88.0.3, Mailman usa una contrase\u00f1a de sitio no segura en una VM con plantilla (SEC-551)" } ], "id": "CVE-2020-26103", "lastModified": "2024-11-21T05:19:14.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.003", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-521" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer informaci\u00f3n de la zona porque un archivo legible para todo el mundo es creado mediante el script archive_sync_zones. 
(SEC-355)" } ], "id": "CVE-2018-20946", "lastModified": "2024-11-21T04:02:32.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-28 15:32
Modified
2024-11-21 00:46
Severity ?
Summary
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:stable:*:*:*:*:*:*", "matchCriteriaId": "DBB5DAB4-FCFE-4E45-9DB8-A3F2783D8CFB", "versionEndIncluding": "11.8.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:current:*:*:*:*:*:*", "matchCriteriaId": "3B9223E1-8A55-4614-99FC-92C84A4D6E0B", "versionEndIncluding": "11.23.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating \"I\u0027m unable to reproduce such an issue on multiple servers running different versions of cPanel." }, { "lang": "es", "value": "** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenticados remotamente con privilegios de re-vendedor ejecutar c\u00f3digo arbitrario a trav\u00e9s de meta caracteres de consola en el campo de direcci\u00f3n en un Email (tambi\u00e9n conocido como campo de texto de Email). 
NOTA: el fabricante cuestiona que, \"Me es imposible reproducir ese fallo en distintos servidores ejecutando diferentes versiones de cPanel.\"" } ], "id": "CVE-2008-2478", "lastModified": "2024-11-21T00:46:57.557", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-28T15:32:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/492223/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/492259/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29277" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020042" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492223/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/492259/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29277" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42529" } ], "sourceIdentifier": "cve@mitre.org", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474)." }, { "lang": "es", "value": "Maketext en cPanel anterior a versi\u00f3n 78.0.2, permite la inyecci\u00f3n de cadenas de formato en la UAPI check_domains_via_dns de DCV (SEC-474)." } ], "id": "CVE-2019-14412", "lastModified": "2024-11-21T04:26:42.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-12 16:20
Modified
2024-11-21 00:46
Severity ?
Summary
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*", "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered \"\u003c\" and \"\u003e\" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors." 
}, { "lang": "es", "value": "La interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos evitar la protecci\u00f3n XSS e inyectar secuencias de comandos o HTML de su elecci\u00f3n mediante caracteres \"\u003c\" y \"\u003e\" repetidos ordenados incorrectamente en los par\u00e1metros 1) issue a scripts2/knowlegebase, (2) user a scripts2/changeip, (3) search a scripts2/listaccts y otros vectores no especificados." } ], "id": "CVE-2008-2070", "lastModified": "2024-11-21T00:46:00.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-12T16:20:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30166" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3866" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29125" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42305" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3866" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/29125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42305" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, presenta una vulnerabilidad de tipo XSS almacenado por medio de una acci\u00f3n Edit DNS Zone de WHM (SEC-410)." 
} ], "id": "CVE-2018-20933", "lastModified": "2024-11-21T04:02:30.203", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:14.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB00CEC-8A7C-4A6D-B7F0-44888D0F654A", "versionEndExcluding": "60.0.45", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A61832-3412-4384-B09C-4E559FCC2AC0", "versionEndExcluding": "62.0.27", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AE17BA2-BDD4-42E3-AA74-04B481FAFAB7", "versionEndExcluding": "64.0.33", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1F5D15-72DA-4E1A-8531-E78BA42520EB", "versionEndExcluding": "66.0.2", "versionStartIncluding": "66.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite a las cuentas demo crear bases de datos y usuarios (SEC-271)." 
} ], "id": "CVE-2017-18421", "lastModified": "2024-11-21T03:20:04.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.037", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, no aplica la propiedad durante las llamadas de la API de WHM addpkgext y delpkgext (SEC-324)." } ], "id": "CVE-2018-20938", "lastModified": "2024-11-21T04:02:30.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite operaciones de lectura de archivos arbitrarias debido a la l\u00f3gica de modificaci\u00f3n .htaccess de copia de seguridad (SEC-345)." 
} ], "id": "CVE-2017-18405", "lastModified": "2024-11-21T03:20:02.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.193", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF36B181-4DE9-4D36-AC5D-31B2F4E6F2D7", "versionEndExcluding": "11.52.6.2", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "315E7D30-1B7E-43A2-A405-FAED84DEA24C", "versionEndExcluding": "11.54.0.26", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de otras cuentas de usuario por medio del manejador CGI de PHP (SEC-142)." 
} ], "id": "CVE-2016-10802", "lastModified": "2024-11-21T02:44:47.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite un ataque de tipo XSS auto almacenado en Edit System Mail Preferences de WHM (SEC-96)." 
} ], "id": "CVE-2016-10827", "lastModified": "2024-11-21T02:44:50.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 62.0.17, la conversi\u00f3n de dominio addon no requiri\u00f3 un paquete para proveedores (resellers) (SEC-208)." 
} ], "id": "CVE-2017-18455", "lastModified": "2024-11-21T03:20:09.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.763", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3948284A-684D-4B8E-B745-E560BEE97D58", "versionEndExcluding": "70.0.57", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5258B190-67A6-434C-93C1-D2EC122BE75F", "versionEndExcluding": "74.0.8", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite operaciones de escritura de archivos arbitrarias en el contexto de la cuenta root durante un Force de Cambio de Contrase\u00f1a de WHM (SEC-447)." } ], "id": "CVE-2018-20882", "lastModified": "2024-11-21T04:02:23.147", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 9.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H", "version": "3.0" }, 
"exploitabilityScore": 1.3, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.930", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, no comprueba los nombres de base de datos y dbuser durante los cambios de nombre (SEC-321)." 
} ], "id": "CVE-2018-20937", "lastModified": "2024-11-21T04:02:30.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "179399A2-B445-44BF-BB64-F212CB267EB0", "versionEndExcluding": "64.0.40", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296)." }, { "lang": "es", "value": "cPanel anterior al versi\u00f3n 67.9999.103, permite que los archivos de registro del Servidor HTTP de Apache sean legibles en todo el mundo debido al manejo inapropiado de un cambio de nombre de cuenta (SEC-296)." 
} ], "id": "CVE-2017-18412", "lastModified": "2024-11-21T03:20:03.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.630", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
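cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124). Note: the CPE match data in this record marks only versions before 56.0.15 as vulnerable, which does not agree with the 57.9999.54 boundary stated here; confirm the fixed build against the vendor advisory rather than relying on CPE matching alone.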
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ED27CCE-E4F8-414F-BB24-E83183AD4252", "versionEndExcluding": "56.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, establece incorrectamente los permisos de archivos de registro en el arranque de dnsadmin y arranque de spamd (SEC-124)." } ], "id": "CVE-2016-10818", "lastModified": "2024-11-21T02:44:49.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.643", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ 
"Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM \"Delete a DNS Zone\" action (SEC-375)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n \"Delete a DNS Zone\" de WHM (SEC-375)." } ], "id": "CVE-2018-20921", "lastModified": "2024-11-21T04:02:28.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.500", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7EBC48-3B0B-4641-9A6F-57229E8CE7D3", "versionEndExcluding": "64.0.40", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, a user account\u0027s backup archive could contain all MySQL databases on the server (SEC-284)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 67.9999.103, el archivo de copia de seguridad de una cuenta de usuario podr\u00eda contener todas las bases de datos MySQL en el servidor (SEC-284)." 
} ], "id": "CVE-2017-18410", "lastModified": "2024-11-21T03:20:03.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo redireccionar el tr\u00e1fico web (SEC-245)." 
} ], "id": "CVE-2017-18441", "lastModified": "2024-11-21T03:20:07.713", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
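Severity
9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 7.5 HIGH (source: nvd@nist.gov)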
Summary
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497)." }, { "lang": "es", "value": "chsh en cPanel versiones anteriores a 88.0.3, permite un escape Jailshell (SEC-497)" } ], "id": "CVE-2020-26100", "lastModified": "2024-11-21T05:19:13.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:13.753", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } 
], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity
8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 6.8 MEDIUM (source: nvd@nist.gov)
Summary
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F4671AC-FD88-400B-9442-92A6810E67BB", "versionEndExcluding": "96.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 96.0.13, fix_cpanel_perl no verifica la integridad de las descargas (SEC-587)" } ], "id": "CVE-2021-38588", "lastModified": "2024-11-21T06:17:35.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.353", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-494" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-22 20:00
Modified
2024-11-21 00:41
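Severity
CVSS 2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N) (source: nvd@nist.gov); this record carries no CVSS 3.x metric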
Summary
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*", "matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en dohtaccess.html en cPanel anterior a 11.17 construcci\u00f3n 19417 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro rurl. NOTA: algunos de estos detalles se obtuvieron de terceras fuentes de informaci\u00f3n." } ], "id": "CVE-2008-0370", "lastModified": "2024-11-21T00:41:53.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-01-22T20:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://aria-security.net/forum/showthread.php?p=1238" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28561" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3561" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486404/100/0/threaded" }, { "source": 
"cve@mitre.org", "url": "http://www.securityfocus.com/bid/27308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://aria-security.net/forum/showthread.php?p=1238" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3561" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/486404/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27308" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity
8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 6.5 MEDIUM (source: nvd@nist.gov)
Summary
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DBE994D-E107-4384-98AC-FE42A4BEBE68", "versionEndExcluding": "11.52.6.6", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF87F9-CFA5-4942-B62E-A0C032D86510", "versionEndExcluding": "11.54.0.29", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5A07E2-FF68-4F7B-AE0B-EA7BB2710D32", "versionEndExcluding": "56.0.34", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0244CA83-34E0-435A-94AA-3D84151A4CD0", "versionEndExcluding": "58.0.29", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC3C7FC-99F6-4307-BE35-08C4E2ABBA2E", "versionEndExcluding": "59.9999.145", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 59.9999.145, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de otras cuentas por medio de archivos de lista mailman (SEC-141)." 
} ], "id": "CVE-2016-10792", "lastModified": "2024-11-21T02:44:45.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity
7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 7.2 HIGH (source: nvd@nist.gov)
Summary
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, permite la ejecuci\u00f3n arbitraria de c\u00f3digo en el contexto de la cuenta root por medio de adminbin de dnssec (SEC-465)." } ], "id": "CVE-2018-20869", "lastModified": "2024-11-21T04:02:21.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.953", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity
7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); CVSS 2.0: 6.8 MEDIUM (source: nvd@nist.gov)
Summary
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, permite el escape del modo demo por medio de llamadas de la API de Site Templates and Boxtrapper (SEC-138)." } ], "id": "CVE-2016-10800", "lastModified": "2024-11-21T02:44:46.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2019-08-07T13:15:12.247", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity
8.1 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); CVSS 2.0: 5.5 MEDIUM (source: nvd@nist.gov)
Summary
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite a los atacantes omitir una Pol\u00edtica de Seguridad mediante la falsificaci\u00f3n de documentos est\u00e1ticos (SEC-92)." 
} ], "id": "CVE-2016-10825", "lastModified": "2024-11-21T02:44:50.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-358" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
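Severity
9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0: 10.0 HIGH (source: nvd@nist.gov)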
Summary
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7EB24A-90DC-4041-9D8D-85E79814A456", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.52.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite la ejecuci\u00f3n de c\u00f3digo arbitraria no autenticada por medio de cpsrvd (SEC-91)." 
} ], "id": "CVE-2016-10855", "lastModified": "2024-11-21T02:44:54.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity
4.4 MEDIUM (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N); CVSS 2.0: 3.6 LOW (source: nvd@nist.gov)
Summary
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite ciertas operaciones de lectura de archivos por medio del almacenamiento en cach\u00e9 de archivos de contrase\u00f1a (SEC-425)." 
} ], "id": "CVE-2018-20889", "lastModified": "2024-11-21T04:02:24.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.067", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
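Severity
4.3 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); CVSS 2.0: 4.0 MEDIUM (source: nvd@nist.gov)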
Summary
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de inyecci\u00f3n de correo electr\u00f3nico durante la moderaci\u00f3n de cPAddons (SEC-396)." 
} ], "id": "CVE-2018-20898", "lastModified": "2024-11-21T04:02:25.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
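Severity: MEDIUM (CVSS 3.0 base score 4.3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N; CVSS 2.0 base score 4.0), per the NVD metrics in the record below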
Summary
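cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427). The CPE ranges in the record below also give 62.0.47, 68.0.39 and 70.0.43 as the first non-vulnerable builds on older branches, so check an installed version against those ranges rather than against 71.9980.37 alone.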
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite a los atacantes realizar llamadas de la API que omiten la restricci\u00f3n de la funcionalidad cron (SEC-427)." 
} ], "id": "CVE-2018-20904", "lastModified": "2024-11-21T04:02:26.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
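Severity: MEDIUM (CVSS 3.0 base score 4.3, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N; CVSS 2.0 base score 4.3), per the NVD metrics in the record below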
Summary
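cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). The NVD record below classifies this as CWE-601 (open redirect) and scores it with user interaction required, which does not obviously match an open mail relay; confirm the impact against the vendor change log before relying on the score for prioritisation.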
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, ofrece una retransmisi\u00f3n de correo abierto debido al enrutamiento incorrecto de un redireccionamiento de dominio (SEC-483)." } ], "id": "CVE-2019-14403", "lastModified": "2024-11-21T04:26:40.863", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
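Severity: MEDIUM (CVSS 3.0 base score 4.3, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N; CVSS 2.0 base score 4.0), per the NVD metrics in the record below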
Summary
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite el acceso a recursos restringidos debido a un error de filtrado URL (SEC-229)." 
} ], "id": "CVE-2017-18467", "lastModified": "2024-11-21T03:20:11.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.693", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
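Severity: MEDIUM (CVSS 3.0 base score 4.4, CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N; CVSS 2.0 base score 2.1, LOW), per the NVD metrics in the record below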
Summary
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, no presenta una lista de nombres de usuario reservados suficiente (SEC-227)." 
} ], "id": "CVE-2017-18465", "lastModified": "2024-11-21T03:20:11.027", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
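Severity: MEDIUM (CVSS 3.0 base score 6.1, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 4.3), per the NVD metrics in the record below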
Summary
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1029F999-C054-446C-B4B9-6A83BE86D00C", "versionEndExcluding": "62.0.47", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F24410C8-6764-4AAD-A522-B9B85C9B0B6C", "versionEndExcluding": "68.0.39", "versionStartIncluding": "68.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "338CD67C-4929-4FEA-85AD-DB599014DD92", "versionEndExcluding": "70.0.43", "versionStartIncluding": "70.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de tipo XSS almacenado en la funcionalidad de auto reparaci\u00f3n YUM (SEC-399)." 
} ], "id": "CVE-2018-20900", "lastModified": "2024-11-21T04:02:25.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:13.033", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
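Severity: HIGH (CVSS 3.1 base score 8.8, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 6.5, MEDIUM), per the NVD metrics in the record below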
Summary
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2019-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3AB06-4280-4FCD-8DDC-393FA7444B53", "versionEndExcluding": "82.0.15", "versionStartIncluding": "81.9999.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite que las credenciales de token de la API persistan despu\u00e9s de que una cuenta ha sido renombrada o cancelada (SEC-517)." } ], "id": "CVE-2019-17375", "lastModified": "2024-11-21T04:32:12.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:15.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2019-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
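Severity: MEDIUM (CVSS 3.0 base score 5.5, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; CVSS 2.0 base score 4.9), per the NVD metrics in the record below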
Summary
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite operaciones arbitrarias de lectura de archivos por medio de vdomainaliases de Exim (SEC-329)." 
} ], "id": "CVE-2017-18396", "lastModified": "2024-11-21T03:20:01.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-26 19:30
Modified
2024-11-21 00:34
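Severity: MEDIUM (CVSS 2.0 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N; the record below carries no CVSS 3.x metrics)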
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A9B19614-4620-480A-8FEE-3273D402965C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el frontend/x/htaccess/changepro.html del cPanel 10.9.1 permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro resname." } ], "id": "CVE-2007-4022", "lastModified": "2024-11-21T00:34:36.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-26T19:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/26191" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2930" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/474556/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25047" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2688" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/35652" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26191" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2930" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/474556/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25047" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35652" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
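Severity: LOW (CVSS 3.0 base score 3.3, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N; CVSS 2.0 base score 2.1), per the NVD metrics in the record below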
Summary
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer una copia del archivo httpd.conf que se crea durante una prueba de sintaxis (SEC-353)." 
} ], "id": "CVE-2018-20944", "lastModified": "2024-11-21T04:02:31.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.780", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
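Severity: MEDIUM (CVSS 3.0 base score 5.4, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; CVSS 2.0 base score 3.5, LOW), per the NVD metrics in the record below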
Summary
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite un ataque de tipo XSS almacenado en la interfaz Feature Manager de WHM (SEC-86)." } ], "id": "CVE-2016-10853", "lastModified": "2024-11-21T02:44:54.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.297", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7EB24A-90DC-4041-9D8D-85E79814A456", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.52.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite la ejecuci\u00f3n de c\u00f3digo arbitrario por medio del archivo scripts/synccpaddonswithsqlhost (SEC-83)." 
} ], "id": "CVE-2016-10850", "lastModified": "2024-11-21T02:44:54.153", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, permite ciertas operaciones de lectura de archivos en el contexto de la cuenta root por medio del enrutador Exim virtual_user_spam (SEC-484)." } ], "id": "CVE-2019-14404", "lastModified": "2024-11-21T04:26:41.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2927869B-A80C-4801-9AB8-078649CD8E38", "versionEndExcluding": "71.9980.37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to read root\u0027s crontab file by leveraging ClamAV installation (SEC-408)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite a los atacantes leer el archivo crontab de root mediante el aprovechamiento de la instalaci\u00f3n de ClamAV (SEC-408)." } ], "id": "CVE-2018-20902", "lastModified": "2024-11-21T04:02:25.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite un ataque de tipo XSS propio en Include Editor de Apache Configuration de WHM. (SEC-385)." 
} ], "id": "CVE-2018-20949", "lastModified": "2024-11-21T04:02:32.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.110", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, presenta una vulnerabilidad de tipo XSS Propia en el campo Destino de Copia de Seguridad Adicional de WHM (SEC-459)." } ], "id": "CVE-2018-20865", "lastModified": "2024-11-21T04:02:20.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.763", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite un ataque de tipo XSS almacenado en la interfaz Account Suspension List de WHM (SEC-211)." 
} ], "id": "CVE-2017-18481", "lastModified": "2024-11-21T03:20:13.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de inyecci\u00f3n de c\u00f3digo en la interfaz cPAddons de WHM (SEC-394)." 
} ], "id": "CVE-2018-20896", "lastModified": "2024-11-21T04:02:25.087", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.3, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, no aplica restricciones demo para llamadas de la API en SSL (SEC-249)." 
} ], "id": "CVE-2017-18445", "lastModified": "2024-11-21T03:20:08.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.840", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite operaciones arbitrarias de lectura de archivos y escritura de archivos por medio de scripts/fixmailboxpath (SEC-80)." 
} ], "id": "CVE-2016-10847", "lastModified": "2024-11-21T02:44:53.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.210", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity ?
Summary
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite a los usuarios sin privilegios acceder a directorios restringidos durante las restauraciones de cuentas (SEC-311)." 
} ], "id": "CVE-2017-18385", "lastModified": "2024-11-21T03:19:59.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity: CVSS v3.0 6.5 MEDIUM; CVSS v2.0 4.0 MEDIUM (nvd@nist.gov)
Summary
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 62.0.4, los transportes de Exim podr\u00edan ejecutarse en el contexto de la cuenta nobody (SEC-206)." 
} ], "id": "CVE-2017-18477", "lastModified": "2024-11-21T03:20:12.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
Severity: CVSS v3.1 6.1 MEDIUM; CVSS v2.0 4.3 MEDIUM (nvd@nist.gov)
Summary
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F8D235-EEA4-42B6-BF23-AB5FD9E7662B", "versionEndExcluding": "78.0.39", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3AB06-4280-4FCD-8DDC-393FA7444B53", "versionEndExcluding": "82.0.15", "versionStartIncluding": "81.9999.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz SSL Certificate Upload (SEC-521)." } ], "id": "CVE-2019-17376", "lastModified": "2024-11-21T04:32:12.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:15.373", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
Severity: CVSS v3.1 6.1 MEDIUM; CVSS v2.0 4.3 MEDIUM (nvd@nist.gov)
Summary
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE86029C-DDB9-42F8-99A6-3AC461DB04F1", "versionEndExcluding": "82.0.15", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz WHM Update Preferences (SEC-528)." } ], "id": "CVE-2019-17380", "lastModified": "2024-11-21T04:32:13.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:15.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity: CVSS v3.1 7.2 HIGH; CVSS v2.0 9.0 HIGH (nvd@nist.gov)
Summary
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC14524B-0B3F-44C7-9D6E-63EE1558E9A2", "versionEndExcluding": "84.0.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a revendedores lograr una ejecuci\u00f3n de c\u00f3digo remota como root por medio de un shell cpsrvd rsync (SEC-545)." } ], "id": "CVE-2020-10120", "lastModified": "2024-11-21T04:54:51.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:14.033", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity: CVSS v3.0 5.4 MEDIUM; CVSS v2.0 3.5 LOW (nvd@nist.gov)
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7408F14F-6D46-411A-B62A-08F632537813", "versionEndExcluding": "66.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite un ataque de tipo XSS almacenado durante las operaciones de archivos de cPAddons de WHM (SEC-265)." } ], "id": "CVE-2017-18418", "lastModified": "2024-11-21T03:20:04.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:11.850", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-27 02:15
Modified
2024-11-21 05:23
Severity: CVSS v3.1 4.1 MEDIUM; CVSS v2.0 3.5 LOW (nvd@nist.gov)
Summary
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2D3851-C81B-40B3-ADF7-1187C2BFA221", "versionEndExcluding": "90.0.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.17, presenta m\u00faltiples instancias de inyecci\u00f3n de par\u00e1metros URL (SEC-567)" } ], "id": "CVE-2020-29135", "lastModified": "2024-11-21T05:23:40.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-27T02:15:10.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": 
"https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-838" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity: CVSS v3.0 5.4 MEDIUM; CVSS v2.0 3.5 LOW (nvd@nist.gov)
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7408F14F-6D46-411A-B62A-08F632537813", "versionEndExcluding": "66.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite un ataque de tipo XSS almacenado durante la desinstalaci\u00f3n de cPAddons de WHM (SEC-266)." } ], "id": "CVE-2017-18419", "lastModified": "2024-11-21T03:20:04.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:11.897", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity: CVSS v3.0 7.8 HIGH; CVSS v2.0 7.2 HIGH (nvd@nist.gov)
Summary
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite la ejecuci\u00f3n del c\u00f3digo root local por medio de cpdavd (SEC-333)." 
} ], "id": "CVE-2017-18400", "lastModified": "2024-11-21T03:20:01.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.833", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 14:15
Modified
2024-11-21 04:02
Severity: CVSS v3.0 6.1 MEDIUM; CVSS v2.0 5.8 MEDIUM (nvd@nist.gov)
Summary
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, presenta un redireccionamiento abierto cuando se restablecen las conexiones (SEC-462)." } ], "id": "CVE-2018-20867", "lastModified": "2024-11-21T04:02:21.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T14:15:14.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" 
], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity: CVSS v3.0 5.4 MEDIUM; CVSS v2.0 3.5 LOW (nvd@nist.gov)
Summary
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS propio en la API de UI_confirm (SEC-180)." 
} ], "id": "CVE-2016-10781", "lastModified": "2024-11-21T02:44:44.083", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.510", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
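Severity: MEDIUM (CVSS 3.0 base score 5.6, vector CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N; NVD primary metric from the record below)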
Summary
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite operaciones arbitrarias de lectura de archivos por medio adminbin de restore (SEC-349)." } ], "id": "CVE-2018-20941", "lastModified": "2024-11-21T04:02:31.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ 
"Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
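Severity: MEDIUM (CVSS 3.0 base score 6.5, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H; NVD primary metric from the record below)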
Summary
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite ciertos resultados de denegaci\u00f3n de servicio por medio del archivo /scripts/killpvhost (SEC-112)." 
} ], "id": "CVE-2016-10807", "lastModified": "2024-11-21T02:44:47.907", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
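Severity: HIGH (CVSS 3.0 base score 7.8, vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; NVD primary metric from the record below)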
Summary
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de la cuenta root por medio de una llamada de adminbin multilang de SET_VHOST_LANG_PACKAGE (SEC-237)." 
} ], "id": "CVE-2017-18434", "lastModified": "2024-11-21T03:20:06.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
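Severity: MEDIUM (CVSS 3.0 base score 4.9, vector CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N; NVD primary metric from the record below)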
Summary
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite operaciones arbitrarias de sobrescritura de archivos por medio del Editor de Plantillas de Zona de WHM (SEC-226)." 
} ], "id": "CVE-2017-18464", "lastModified": "2024-11-21T03:20:10.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
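Severity: MEDIUM (CVSS 3.0 base score 6.1, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; NVD primary metric from the record below)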
Summary
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357)." }, { "lang": "es", "value": "cPanel anterior de la versi\u00f3n 70.0.23 permite auto XSS en la interfaz de seguridad de show WHPA cPAddons (SEC-357)." } ], "id": "CVE-2018-20910", "lastModified": "2024-11-21T04:02:27.017", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.703", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
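Severity: MEDIUM (CVSS 3.0 base score 5.4, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; NVD primary metric from the record below)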
Summary
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS propio en la interfaz Style Upload de WHM (SEC-437)." } ], "id": "CVE-2018-20877", "lastModified": "2024-11-21T04:02:22.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": 
"https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
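Severity: MEDIUM (CVSS 3.0 base score 6.1, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; NVD primary metric from the record below)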
Summary
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite un ataque de tipo XSS propio en la interfaz listips de WHM. (SEC-389)." 
} ], "id": "CVE-2018-20953", "lastModified": "2024-11-21T04:02:33.113", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
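Severity: HIGH (CVSS 3.0 base score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; NVD primary metric from the record below)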
Summary
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, permite la ejecuci\u00f3n de c\u00f3digo por medio de una de llamada addforward API1 (SEC-480)." } ], "id": "CVE-2019-14401", "lastModified": "2024-11-21T04:26:40.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
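Severity: MEDIUM (CVSS 3.1 base score 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; NVD primary metric from the record below)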
Summary
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F8D235-EEA4-42B6-BF23-AB5FD9E7662B", "versionEndExcluding": "78.0.39", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3AB06-4280-4FCD-8DDC-393FA7444B53", "versionEndExcluding": "82.0.15", "versionStartIncluding": "81.9999.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en scripts de ejemplo de LiveAPI (SEC-524)." } ], "id": "CVE-2019-17377", "lastModified": "2024-11-21T04:32:12.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:15.453", "references": [ { 
"source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
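Severity: HIGH (CVSS 3.0 base score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; NVD primary metric from the record below)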
Summary
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite la ejecuci\u00f3n de c\u00f3digo arbitrario debido a una ruta (path) no segura de @INC (SEC-97)." 
} ], "id": "CVE-2016-10828", "lastModified": "2024-11-21T02:44:50.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, almacena de manera insegura los archivos de sesi\u00f3n phpMyAdmin (SEC-418)." 
} ], "id": "CVE-2018-20886", "lastModified": "2024-11-21T04:02:23.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:11.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-922" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, no realiza la comprobaci\u00f3n de autenticaci\u00f3n de dos factores cuando posee otra cuenta (SEC-101)." } ], "id": "CVE-2016-10831", "lastModified": "2024-11-21T02:44:51.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2019-08-01T17:15:11.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer el secreto de SRS por medio del archivo exim.conf (SEC-308)." 
} ], "id": "CVE-2018-20936", "lastModified": "2024-11-21T04:02:30.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite operaciones arbitrarias de sobrescritura de archivos durante una actualizaci\u00f3n de Roundcube (SEC-164)." 
} ], "id": "CVE-2016-10770", "lastModified": "2024-11-21T02:44:42.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.373", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo y cuentas suspendidas utilizar el reenv\u00edo de puertos en SSH (SEC-247)." 
} ], "id": "CVE-2017-18443", "lastModified": "2024-11-21T03:20:08.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite que las cuentas demo ejecuten c\u00f3digo por medio de la API de la funci\u00f3n Htaccess::setphppreference (SEC-232)." 
} ], "id": "CVE-2017-18468", "lastModified": "2024-11-21T03:20:11.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.753", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B", "versionEndExcluding": "56.0.51", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE", "versionEndExcluding": "58.0.52", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53", "versionEndExcluding": "60.0.45", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931", "versionEndExcluding": "62.0.27", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477", "versionEndExcluding": "64.0.33", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011", "versionEndExcluding": "66.0.2", "versionStartIncluding": "65.9999.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, la propiedad de usuarios y grupos puede ser establecida incorrectamente cuando se este usando la funci\u00f3n reassign_post_terminate_cruft (SEC-294)." 
} ], "id": "CVE-2017-18430", "lastModified": "2024-11-21T03:20:06.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.693", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, maneja inapropiadamente el bloqueo basado en nombre de usuario para peticiones PRE en cPHulkd (SEC-104)." 
} ], "id": "CVE-2016-10833", "lastModified": "2024-11-21T02:44:51.700", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n Create Account de WHM (SEC-373)." } ], "id": "CVE-2018-20919", "lastModified": "2024-11-21T04:02:28.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2927869B-A80C-4801-9AB8-078649CD8E38", "versionEndExcluding": "71.9980.37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de tipo auto XSS en la interfaz Backup Configuration de WHM (SEC-421)." } ], "id": "CVE-2018-20903", "lastModified": "2024-11-21T04:02:26.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite el escape del jailshell debido a un an\u00e1lisis del archivo crontab incorrecto (SEC-382)." 
} ], "id": "CVE-2018-20927", "lastModified": "2024-11-21T04:02:29.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.633", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E87EAE26-4A85-4204-AC16-376D83432344", "versionEndExcluding": "74.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows SQL injection during database backups (SEC-420)." }, { "lang": "es", "value": "cPanel anterior de la versi\u00f3n 74.0.0 permite la inyecci\u00f3n de SQL durante las copias de seguridad de la base de datos (SEC-420)." } ], "id": "CVE-2018-20887", "lastModified": "2024-11-21T04:02:23.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:11.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], 
"url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C26391-C053-4410-A145-8BED0235D4B7", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.52.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3B2A12E-D9A1-4379-9AC0-8EAC95D56EA3", "versionEndExcluding": "56.0.15", "versionStartIncluding": "11.56.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite operaciones de lectura de archivos arbitrarias para cuentas de Webmail por medio de APIs Branding (SEC-120)." 
} ], "id": "CVE-2016-10815", "lastModified": "2024-11-21T02:44:49.057", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.2, permite determinadas operaciones de escritura de archivos de usuarios compartidos durante el restablecimiento de la conexi\u00f3n (SEC-476)." } ], "id": "CVE-2019-14413", "lastModified": "2024-11-21T04:26:42.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html." } ], "id": "CVE-2004-2308", "lastModified": "2024-11-20T23:53:01.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/357231" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9853" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/357231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/9853" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 12:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite la omisi\u00f3n de prohibici\u00f3n por un d\u00eda de CPHulk cuando la protecci\u00f3n basada en IP est\u00e1 habilitada (SEC-224)." 
} ], "id": "CVE-2017-18462", "lastModified": "2024-11-21T03:20:10.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T12:15:11.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, permite la creaci\u00f3n de archivos no autenticados porque el an\u00e1lisis de registros Exim es manejado inapropiadamente (SEC-507)." } ], "id": "CVE-2019-14388", "lastModified": "2024-11-21T04:26:38.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.157", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, carece de aplicaci\u00f3n de la ACL en el subsistema AppConfig (SEC-85)." 
} ], "id": "CVE-2016-10852", "lastModified": "2024-11-21T02:44:54.443", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite la inyecci\u00f3n de cadena de formato en el manejo de mensajes de excepci\u00f3n (SEC-171)." } ], "id": "CVE-2016-10773", "lastModified": "2024-11-21T02:44:42.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.560", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 71.9980.37, los tokens de la API conservan las ACL despu\u00e9s de que esas ACL son removidas de las cuentas correspondientes (SEC-393)." 
} ], "id": "CVE-2018-20895", "lastModified": "2024-11-21T04:02:24.953", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.720", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:40
Severity ?
Summary
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/11.52+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/11.52+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "23A85D78-8F43-4BF8-AC0B-2446B662474B", "versionEndExcluding": "11.52.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.52.0.13, no impide operaciones arbitrarias de lectura de archivos por medio de la funci\u00f3n get_information_for_applications (CPANEL-1221)." } ], "id": "CVE-2015-9291", "lastModified": "2024-11-21T02:40:16.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/11.52+Change+Log" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/11.52+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, los archivos /scripts/addpop y /scripts/delpop expusieron los TTY (SEC-113)." 
} ], "id": "CVE-2016-10808", "lastModified": "2024-11-21T02:44:48.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.810", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar comandos de la API de la funci\u00f3n Cpanel::SPFUI (SEC-246)." 
} ], "id": "CVE-2017-18442", "lastModified": "2024-11-21T03:20:07.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.653", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 76.0.8 allows a Virtual FTP account to persist after removal of its associated domain (SEC-454).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, permite una cuenta FTP Virtual persistente despu\u00e9s de la eliminaci\u00f3n de su dominio asociado (SEC-454)." } ], "id": "CVE-2018-20864", "lastModified": "2024-11-21T04:02:20.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite a los proveedores (resellers) utilizar la API de enqueue_transfer_item de WHM para colocar en cola los m\u00f3dulos no reorganizados (SEC-213)." 
} ], "id": "CVE-2017-18482", "lastModified": "2024-11-21T03:20:13.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC14524B-0B3F-44C7-9D6E-63EE1558E9A2", "versionEndExcluding": "84.0.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a una cuenta demo lograr una ejecuci\u00f3n de c\u00f3digo remota por medio de un shell cpsrvd rsync (SEC-544)." } ], "id": "CVE-2020-10119", "lastModified": "2024-11-21T04:54:51.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.940", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 88.0.3, Dovecot usa una clave de la API de pol\u00edtica de autenticaci\u00f3n no segura en una m\u00e1quina virtual con plantilla (SEC-550)" } ], "id": "CVE-2020-26102", "lastModified": "2024-11-21T05:19:13.913", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:13.897", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E87EAE26-4A85-4204-AC16-376D83432344", "versionEndExcluding": "74.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite la inyecci\u00f3n de la configuraci\u00f3n del Servidor HTTP de Apache debido a la interpolaci\u00f3n variable de DocumentRoot (SEC-416)." } ], "id": "CVE-2018-20885", "lastModified": "2024-11-21T04:02:23.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:13.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite colisiones debido a que las bases de datos PostgreSQL se pueden asignar a varias cuentas (SEC-325)." 
} ], "id": "CVE-2017-18392", "lastModified": "2024-11-21T03:20:00.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.020", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-10 20:30
Modified
2024-11-21 00:57
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en autoinstall4imagesgalleryupgrade.php en el m\u00f3dulo Fantastico De Luxe para cPanel permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante los par\u00e1metros (1) \"localapp\", (2) \"updatedir\", (3) \"scriptpath_show\", (4) \"domain_show\", (5) \"thispage\", (6) \"thisapp\" y (7) \"currentversion\" en una acci\u00f3n \"Upgrade\"." 
} ], "id": "CVE-2008-6927", "lastModified": "2024-11-21T00:57:49.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2009-08-10T20:30:00.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32423" }, { "source": "cve@mitre.org", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/49518" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498526" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/32423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/49518" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6897" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9A02AA-A447-4AD5-B6B4-0E0104A8E19D", "versionEndExcluding": "11.50.3.1", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF7E4948-CCFF-459D-8FF6-E385D50A57AD", "versionEndExcluding": "11.52.0.23", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAF88E2-FF31-4FAE-A7F0-EF19973A4413", "versionEndExcluding": "11.52.1.1", "versionStartIncluding": "11.52.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.0, permite a las subcuentas detectar datos confidenciales por medio de fuentes comet (SEC-29)." 
} ], "id": "CVE-2016-10856", "lastModified": "2024-11-21T02:44:55.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite operaciones arbitrarias de lectura de archivos durante la Restauraci\u00f3n de Archivos (SEC-436)." 
} ], "id": "CVE-2018-20891", "lastModified": "2024-11-21T04:02:24.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-02-10 15:15
Modified
2024-11-21 01:46
Severity ?
Summary
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "D9290EF2-31C5-463A-8992-E1F3F6AB5209", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:whm:11.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "D88B3CFF-8244-4EF6-93F3-683510ECBEE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The clientconf.html and detailbw.html pages in x3 in cPanel \u0026 WHM 11.34.0 (build 8) have a XSS vulnerability." }, { "lang": "es", "value": "Las p\u00e1ginas clientconf.html y detailbw.html en x3 en cPanel \u0026 WHM versi\u00f3n 11.34.0 (build 8), presentan una vulnerabilidad de tipo XSS." } ], "id": "CVE-2012-6449", "lastModified": "2024-11-21T01:46:08.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-02-10T15:15:11.433", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", 
"VDB Entry" ], "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF36B181-4DE9-4D36-AC5D-31B2F4E6F2D7", "versionEndExcluding": "11.52.6.2", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "315E7D30-1B7E-43A2-A405-FAED84DEA24C", "versionEndExcluding": "11.54.0.26", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, inicialmente utiliza permisos d\u00e9biles para los archivos de registro del servidor HTTP de Apache (SEC-130)." 
} ], "id": "CVE-2016-10796", "lastModified": "2024-11-21T02:44:46.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.753", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite la ejecuci\u00f3n de c\u00f3digo arbitrario durante la modificaci\u00f3n de cuenta (SEC-220)." 
} ], "id": "CVE-2017-18459", "lastModified": "2024-11-21T03:20:10.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, presenta una contrase\u00f1a fija para la cuenta de prueba Munin MySQL (SEC-196)." 
} ], "id": "CVE-2017-18470", "lastModified": "2024-11-21T03:20:11.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.857", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-30 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1.0_r85:*:*:*:*:*:*:*", "matchCriteriaId": "4D9DDCBE-8A9C-44FC-8A24-47933CE057F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10." } ], "id": "CVE-2004-1875", "lastModified": "2024-11-20T23:51:57.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-30T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108066561608676\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11244" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22984" }, { "source": "cve@mitre.org", "url": "http://www.aria-security.com/forum/showthread.php?t=30" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.cirt.net/advisories/cpanel_xss.shtml" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4208" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4209" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4210" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/4211" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4212" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4213" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4214" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4215" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4243" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10002" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21142" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4658" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108066561608676\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.aria-security.com/forum/showthread.php?t=30" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.cirt.net/advisories/cpanel_xss.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4209" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4210" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/4211" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10002" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/21142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/4658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, no aplica la propiedad de la cuenta para las llamadas de la API de WHM de has_mycnf_for_cpuser (SEC-210)." 
} ], "id": "CVE-2017-18480", "lastModified": "2024-11-21T03:20:13.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 62.0.4, la generaci\u00f3n del certificado SSL de WHM utiliza una direcci\u00f3n de correo electr\u00f3nico no reservada (SEC-209)." 
} ], "id": "CVE-2017-18479", "lastModified": "2024-11-21T03:20:12.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
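Severity: 4.4 MEDIUM (CVSS v3.1, CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N); CVSS v2 base score 2.1 LOW (source: nvd@nist.gov)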
Summary
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BE35F72-16D9-4207-A751-D44014BD8009", "versionEndExcluding": "11.94.0.13", "versionStartIncluding": "11.94.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "796C4A37-9583-45D9-A6E0-7F50FDFE3823", "versionEndExcluding": "11.96.0.13", "versionStartIncluding": "11.96.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD08A9C3-C8F4-4E3D-9D6C-6919E994A9BF", "versionEndExcluding": "11.98.0.1", "versionStartIncluding": "11.98.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 98.0.1, /scripts/cpan_config lleva a cabo operaciones no seguras con los archivos (SEC-589)" } ], "id": "CVE-2021-38586", "lastModified": "2024-11-21T06:17:34.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
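Severity: 6.1 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 MEDIUM (source: nvd@nist.gov)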
Summary
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, presenta una vulnerabilidad de tipo XSS en el Listado de Cola del BoxTrapper (SEC-493)." } ], "id": "CVE-2019-14406", "lastModified": "2024-11-21T04:26:41.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.810", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" 
], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
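Severity: 9.8 CRITICAL (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS v2 base score 5.0 MEDIUM (source: nvd@nist.gov)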
Summary
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 88.0.3, son usadas credenciales de prueba chkservd no seguras en una m\u00e1quina virtual con plantilla (SEC-554)" } ], "id": "CVE-2020-26105", "lastModified": "2024-11-21T05:19:14.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
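Severity: 5.4 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 3.5 LOW (source: nvd@nist.gov)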
Summary
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.24, permite un ataque de tipo XSS almacenado en la interfaz de instalaci\u00f3n cPAddons de WHM (SEC-262)." 
} ], "id": "CVE-2017-18454", "lastModified": "2024-11-21T03:20:09.533", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.700", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
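Severity: 6.5 MEDIUM (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L); CVSS v2 base score 6.4 MEDIUM (source: nvd@nist.gov)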
Summary
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a un correo web o una cuenta demo eliminar archivos arbitrarios (SEC-547)." } ], "id": "CVE-2020-10122", "lastModified": "2024-11-21T04:54:51.893", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:14.190", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
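Severity: 5.4 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 3.5 LOW (source: nvd@nist.gov)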
Summary
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370)." }, { "lang": "es", "value": "cPanel anterior a la versi\u00f3n 70.0.23, permite un ataque de tipo XSS Almacenado por medio de una Edit MX Entry de WHM (SEC-370)." } ], "id": "CVE-2018-20916", "lastModified": "2024-11-21T04:02:27.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.093", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
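Severity: 5.3 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N); CVSS v2 base score 5.0 MEDIUM (source: nvd@nist.gov)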
Summary
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite ciertas operaciones de lectura de archivos por medio de una llamada de la API de Serverinfo_manpage (SEC-252)." 
} ], "id": "CVE-2017-18448", "lastModified": "2024-11-21T03:20:08.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.027", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
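Severity: 9.8 CRITICAL (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS v2 base score 7.5 HIGH (source: nvd@nist.gov)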
Summary
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite una omisi\u00f3n de autenticaci\u00f3n de WebDAV porque la l\u00f3gica de conexi\u00f3n compartida es incorrecta (SEC-534)." 
} ], "id": "CVE-2019-20498", "lastModified": "2024-11-21T04:38:37.350", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
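Severity: 6.3 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L); CVSS v2 base score 6.5 MEDIUM (source: nvd@nist.gov)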
Summary
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite que las cuentas demo ejecuten c\u00f3digo por medio de awstats (SEC-362)." } ], "id": "CVE-2018-20912", "lastModified": "2024-11-21T04:02:27.293", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
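Severity: 6.1 MEDIUM (CVSS v3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 4.3 MEDIUM (source: nvd@nist.gov)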
Summary
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite un ataque de tipo auto-XSS porque el escape de la cadena JSON es manejado inapropiadamente (SEC-520)." 
} ], "id": "CVE-2019-20493", "lastModified": "2024-11-21T04:38:36.670", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:12.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-09-30 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:9.9.1_r3:*:*:*:*:*:*:*", "matchCriteriaId": "414CFCA8-87FC-436E-9C41-ACB316578E3C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled." } ], "id": "CVE-2004-1604", "lastModified": "2024-11-20T23:51:18.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-09-30T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109811762230326\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109811762230326\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331)." }, { "lang": "es", "value": "DnsUtils en cPanel anterior a versi\u00f3n 68.0.15, permite la creaci\u00f3n de zonas para los subdominios hostname y account (SEC-331)." 
} ], "id": "CVE-2017-18398", "lastModified": "2024-11-21T03:20:01.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite la omisi\u00f3n de cPHulk de FTP por medio del nombre de cuenta munging (SEC-102)." 
} ], "id": "CVE-2016-10832", "lastModified": "2024-11-21T02:44:51.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-03-25 19:44
Modified
2024-11-21 00:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*", "matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string." }, { "lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en frontend/x/manpage.html de cPanel 11.18.3 y 11.21.0-BETA, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante una cadena de consulta." } ], "id": "CVE-2008-1499", "lastModified": "2024-11-21T00:44:40.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-03-25T19:44:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://securityreason.com/securityalert/3775" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489963/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28403" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/41374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securityreason.com/securityalert/3775" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489963/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41374" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite operaciones de lectura de archivos y escritura de archivos para cuentas demo por medio de la API de SourceIPCheck (SEC-250)." 
} ], "id": "CVE-2017-18446", "lastModified": "2024-11-21T03:20:08.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.903", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-22 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "491676C3-2D5C-4FF6-BF57-A86A253FB9CC", "versionEndIncluding": "10.9.0_build_10300", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D353FD60-0C3F-47C5-B9CD-301992671148", "versionEndIncluding": "11.4.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos obtener informaci\u00f3n confidencial mediante una petici\u00f3n directa, que revela la ruta en un mensaje de error.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-3367", "lastModified": "2024-11-21T00:33:03.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-22T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35861" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25722" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24586" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35009" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35861" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35009" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows any user to disable Solr (SEC-371)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite a cualquier usuario deshabilitar Solr (SEC-371)." } ], "id": "CVE-2018-20917", "lastModified": "2024-11-21T04:02:28.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.203", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite operaciones arbitrarias de lectura de archivos por medio del script bin/fmq (SEC-70)." 
} ], "id": "CVE-2016-10838", "lastModified": "2024-11-21T02:44:52.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.350", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 05:56
Severity ?
Summary
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/92-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/92-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "93A76F3F-4B0C-4F13-94D7-98F70BBAE205", "versionEndExcluding": "92.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)." }, { "lang": "es", "value": "cPanel versiones anteriores a 92.0.9, permite a un Revendedor omitir el bloqueo de suspensi\u00f3n (SEC-578)" } ], "id": "CVE-2021-26266", "lastModified": "2024-11-21T05:56:00.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T18:16:25.880", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/92-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Third Party Advisory, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Third Party Advisory, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite la escalada de privilegios locales por medio de la interfaz Legacy Language File Upload de WHM (SEC-379)." 
} ], "id": "CVE-2018-20925", "lastModified": "2024-11-21T04:02:29.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite la ejecuci\u00f3n de c\u00f3digo por medio del manejador de respuesta de error de cpsrvd 403 (SEC-191)." 
} ], "id": "CVE-2016-10789", "lastModified": "2024-11-21T02:44:45.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:12.137", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity: 10.0 HIGH (CVSS 2.0) — NVD primary score
Summary
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter." } ], "id": "CVE-2003-1425", "lastModified": "2024-11-20T23:47:07.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6882" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity: 3.3 LOW (CVSS 3.0), 2.1 LOW (CVSS 2.0) — NVD primary scores
Summary
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C5C0F44-05FE-4C26-9CD9-13A5630C8DAB", "versionEndExcluding": "56.0.51", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FCAEC05-C807-4607-A362-6438A069D5C6", "versionEndExcluding": "58.0.52", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB00CEC-8A7C-4A6D-B7F0-44888D0F654A", "versionEndExcluding": "60.0.45", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A61832-3412-4384-B09C-4E559FCC2AC0", "versionEndExcluding": "62.0.27", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AE17BA2-BDD4-42E3-AA74-04B481FAFAB7", "versionEndExcluding": "64.0.33", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1F5D15-72DA-4E1A-8531-E78BA42520EB", "versionEndExcluding": "66.0.2", "versionStartIncluding": "66.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, los archivos de registro de dominio se vuelven legibles despu\u00e9s del procesamiento de registro (SEC-273)." 
} ], "id": "CVE-2017-18423", "lastModified": "2024-11-21T03:20:05.130", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity: 4.4 MEDIUM (CVSS 3.0), 4.9 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218)." }, { "lang": "es", "value": "cPanel versiones anteriores a la 62.0.17 permite operaciones arbitrarias de lectura de archivos a trav\u00e9s de WHM / styled / URLs (SEC-218)." 
} ], "id": "CVE-2017-18457", "lastModified": "2024-11-21T03:20:09.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.873", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-27 02:15
Modified
2024-11-21 05:23
Severity: 6.1 MEDIUM (CVSS 3.1), 4.3 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Vendor Advisory
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2D3851-C81B-40B3-ADF7-1187C2BFA221", "versionEndExcluding": "90.0.17", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.17, permite un ataque de tipo auto XSS por medio de la interfaz WHM Transfer Tool (SEC-577)" } ], "id": "CVE-2020-29137", "lastModified": "2024-11-21T05:23:40.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-27T02:15:11.080", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": 
"https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity: 5.5 MEDIUM (CVSS 3.0), 2.1 LOW (CVSS 2.0) — NVD primary scores
Summary
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.5, permite operaciones de archivos no seguras en el contexto de la cuenta root por medio de la API de fetch_ssl_certificates_for_fqdns (SEC-489)." } ], "id": "CVE-2019-14394", "lastModified": "2024-11-21T04:26:39.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity: 8.8 HIGH (CVSS 3.0), 6.5 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C26391-C053-4410-A145-8BED0235D4B7", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.52.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "034B4A2E-5445-44D2-94F9-E1176BF78B56", "versionEndExcluding": "56.0.15", "versionStartIncluding": "56.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite que las cuentas de Webmail ejecuten c\u00f3digo arbitrario por medio de forwarders (SEC-121)." 
} ], "id": "CVE-2016-10816", "lastModified": "2024-11-21T02:44:49.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity: 7.5 HIGH (CVSS 3.1), 5.0 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.3, permite a atacantes omitir el mecanismo de protecci\u00f3n greylisting SMTP (SEC-491)" } ], "id": "CVE-2020-26099", "lastModified": "2024-11-21T05:19:13.333", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:13.677", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity: 7.5 HIGH (CVSS 3.0), 5.0 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205)." }, { "lang": "es", "value": "Leech Protect en cPanel anterior a versi\u00f3n 62.0.4, no protege ciertos directorios (SEC-205)." 
} ], "id": "CVE-2017-18476", "lastModified": "2024-11-21T03:20:12.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity: 7.2 HIGH (CVSS 3.1), 6.5 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ECF7A49-9925-472F-9EBC-077BB42C4B5C", "versionEndExcluding": "98.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)." }, { "lang": "es", "value": "La funcionalidad WHM Locale Upload en cPanel versiones anteriores a98.0.1 permite ataques de tipo XXE (SEC-585)" } ], "id": "CVE-2021-38584", "lastModified": "2024-11-21T06:17:34.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.200", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/98-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity: 6.1 MEDIUM (CVSS 3.0), 4.3 MEDIUM (CVSS 2.0) — NVD primary scores
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n Edit DNS Zone de WHM (SEC-374)." } ], "id": "CVE-2018-20920", "lastModified": "2024-11-21T04:02:28.450", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-02 10:30
Modified
2024-11-21 00:57
Severity ?
Summary
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
netenberg | fantastico_de_luxe | * | |
cpanel | cpanel | 11 | |
cpanel | cpanel | 11.4.19 | |
cpanel | cpanel | 11.8.6 (update: stable) | |
cpanel | cpanel | 11.8.6_stable | |
cpanel | cpanel | 11.16 | |
cpanel | cpanel | 11.18 | |
cpanel | cpanel | 11.18.1 | |
cpanel | cpanel | 11.18.2 | |
cpanel | cpanel | 11.18.3 | |
cpanel | cpanel | 11.18.4 | |
cpanel | cpanel | 11.19.3 | |
cpanel | cpanel | 11.21 | |
cpanel | cpanel | 11.21 (update: beta) | |
cpanel | cpanel | 11.22 | |
cpanel | cpanel | 11.22.1 | |
cpanel | cpanel | 11.22.2 | |
cpanel | cpanel | 11.22.3 | |
cpanel | cpanel | 11.23.1 (update: current) | |
cpanel | cpanel | 11.23.1_current |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*", "matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11:*:*:*:*:*:*:*", "matchCriteriaId": "DDFCB83D-77D1-4782-8741-C6AD089DE488", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "CCC97216-E9A0-467B-86D7-8F4DB146220C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6:stable:*:*:*:*:*:*", "matchCriteriaId": "3CB69DCF-617E-4E3F-8494-9C74626DF262", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.8.6_stable:*:*:*:*:*:*:*", "matchCriteriaId": "E4E24B1A-A25F-4ADB-906B-A346F782E821", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*", "matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*", "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "064D2D20-2410-4BF5-BEAB-B0FEA6858814", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:*:*:*:*:*:*:*", "matchCriteriaId": "80CEE914-DB4B-4777-B8BD-A8EAE6526E1E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*", "matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "051B4B2E-BF9B-4EA8-973B-6D96A1618F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3915A3-45AA-4B53-9990-2FED41439D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1:current:*:*:*:*:*:*", "matchCriteriaId": "45F18137-728C-421A-BF9D-15CB576F67CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.23.1_current:*:*:*:*:*:*:*", "matchCriteriaId": "C1C35162-E9F6-4B8F-925E-19E5779095D5", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a trav\u00e9s de ..(punto punto) en el par\u00e1metro sup3r." 
} ], "id": "CVE-2008-6843", "lastModified": "2024-11-21T00:57:36.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-02T10:30:00.217", "references": [ { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32578" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32578" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E8E0F9-EE9B-4F69-8D53-87179BC1B6A9", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.52.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 55.9999.141, Scripts y addpop revelan una contrase\u00f1a de l\u00ednea de comandos en una lista de procesos (SEC-75)." 
} ], "id": "CVE-2016-10821", "lastModified": "2024-11-21T02:44:49.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:14.377", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-18 02:02
Modified
2024-11-21 00:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter." } ], "id": "CVE-2006-0763", "lastModified": "2024-11-21T00:07:17.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-18T02:02:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/22971" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.osvdb.org/22971" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite ciertas operaciones de cambio de nombre de archivo en el contexto de la cuenta root por medio del archivo scripts/convert_roundcube_mysql2sqlite (SEC-254)." 
} ], "id": "CVE-2017-18449", "lastModified": "2024-11-21T03:20:08.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite la ejecuci\u00f3n de c\u00f3digo arbitrario por medio de Maketext en adminbin de PostgreSQL (SEC-188)." 
} ], "id": "CVE-2016-10788", "lastModified": "2024-11-21T02:44:45.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:12.057", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Stored XSS in the WHM \"Reset a DNS Zone\" feature (SEC-461)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, presenta una vulnerabilidad de tipo XSS almacenado en la funcionalidad WHM \"Reset a DNS Zone\" (SEC-461)." } ], "id": "CVE-2018-20866", "lastModified": "2024-11-21T04:02:20.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.827", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
Severity ?
Summary
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F8D235-EEA4-42B6-BF23-AB5FD9E7662B", "versionEndExcluding": "78.0.39", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3AB06-4280-4FCD-8DDC-393FA7444B53", "versionEndExcluding": "82.0.15", "versionStartIncluding": "81.9999.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS propio en la interfaz SSL Key Delete (SEC-526)." } ], "id": "CVE-2019-17378", "lastModified": "2024-11-21T04:32:13.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-09T16:15:15.530", "references": [ { 
"source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity ?
Summary
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite la ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la inyecci\u00f3n de Maketext en una carga de estilo de Reseller (SEC-314)." 
} ], "id": "CVE-2017-18387", "lastModified": "2024-11-21T03:19:59.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.700", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7EBC48-3B0B-4641-9A6F-57229E8CE7D3", "versionEndExcluding": "64.0.40", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, no impone la comprobaci\u00f3n del nombre de host SSL para la descarga del acuerdo de soporte (SEC-279)." 
} ], "id": "CVE-2017-18407", "lastModified": "2024-11-21T03:20:02.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-347" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
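cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161). The CPE ranges in this record are per release branch and end (exclusive) at 11.54.0.33, 56.0.39, 58.0.37 and 60.0.25, so check an installation against the bound for its own branch rather than against 60.0.25 alone.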
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite operaciones de sobrescritura de archivos durante la preparaci\u00f3n para actualizaciones de MySQL (SEC-161)." 
} ], "id": "CVE-2016-10768", "lastModified": "2024-11-21T02:44:42.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-12-14 01:28
Modified
2024-11-21 00:22
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11:*:*:*:*:*:*:*", "matchCriteriaId": "DDFCB83D-77D1-4782-8741-C6AD089DE488", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mail/manage.html en BoxTrapper en cPanel 11 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro account." } ], "id": "CVE-2006-6523", "lastModified": "2024-11-21T00:22:53.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-12-14T01:28:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/23302" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2028" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.aria-security.com/forum/showthread.php?t=67" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21497" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23302" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.aria-security.com/forum/showthread.php?t=67" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
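cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). The CPE ranges in this record are per release branch and end (exclusive) at 62.0.42, 68.0.33 and 70.0.23, so check an installation against the bound for its own branch rather than against 70.0.23 alone.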
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, expone los registros del servidor HTTP de Apache despu\u00e9s de la creaci\u00f3n de ciertos dominios (SEC-406)." 
} ], "id": "CVE-2018-20932", "lastModified": "2024-11-21T04:02:30.073", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.990", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-538" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-10-26 17:07
Modified
2024-11-21 00:19
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. The evaluator solution in this record names cPanel 10.9.0-R56 as the release that addresses it.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10.9.0_r50:*:*:*:*:*:*:*", "matchCriteriaId": "D81DB146-1739-4C9E-9C47-B558A25CB9E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate." }, { "lang": "es", "value": "Vulnerabilidades m\u00faltiples de cruce de sitios en scripts (XSS) en WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 permiten a atacantes remotos inyectar scripts WEB o HTML mediante 1) par\u00e1metro theme en scripts/dosetmytheme y (2) par\u00e1metro template en scripts2/editzonetemplate." } ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\ncPanel, cPanel, 10.9.0-R56", "id": "CVE-2006-5535", "lastModified": "2024-11-21T00:19:37.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-10-26T17:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://changelog.cpanel.net/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22555" }, { "source": "cve@mitre.org", "url": 
"http://securityreason.com/securityalert/1780" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449472/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20683" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4190" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://changelog.cpanel.net/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22555" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449472/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/20683" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4190" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
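cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332). The CPE ranges in this record are per release branch and end (exclusive) at 62.0.35, 64.0.42, 66.0.34 and 68.0.15, so check an installation against the bound for its own branch rather than against 68.0.15 alone.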
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows attackers to read root\u0027s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite a los atacantes leer el archivo crontab de root durante un intervalo de tiempo corto al habilitar o deshabilitar sqloptimizer (SEC-332)." 
} ], "id": "CVE-2017-18399", "lastModified": "2024-11-21T03:20:01.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.757", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
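cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185). The CPE ranges in this record are per release branch and end (exclusive) at 11.54.0.33, 56.0.39, 58.0.37 and 60.0.25, so check an installation against the bound for its own branch rather than against 60.0.25 alone.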
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite a los atacantes detectar el contenido del archivo durante las operaciones de copia de archivos (SEC-185)." 
} ], "id": "CVE-2016-10785", "lastModified": "2024-11-21T02:44:44.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.857", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
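cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134). The CPE ranges in this record are per release branch and end (exclusive) at 56.0.27 and 58.0.4; the record classifies the weakness as CWE-362.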
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, permite un cambio de propiedad de archivo (en nobody) por medio de rearrangeacct (SEC-134)." } ], "id": "CVE-2016-10798", "lastModified": "2024-11-21T02:44:46.610", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-08-07T13:15:12.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2927869B-A80C-4801-9AB8-078649CD8E38", "versionEndExcluding": "71.9980.37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de tipo XSS Almacenado y Remoto en Interfaz Save Theme de WHM (SEC-400)." } ], "id": "CVE-2018-20901", "lastModified": "2024-11-21T04:02:25.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.967", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity ?
Summary
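cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313). The CPE ranges in this record are per release branch and end (exclusive) at 62.0.35, 64.0.42, 66.0.34 and 68.0.15; the CVSS 3.0 vector in the record rates privileges required as HIGH (PR:H).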
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite la ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la inyecci\u00f3n de Maketext en PostgresAdmin (SEC-313)." 
} ], "id": "CVE-2017-18386", "lastModified": "2024-11-21T03:19:59.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity ?
Summary
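The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks, which this record classifies as CWE-502 (SEC-585). The CVSS 3.1 vector in the record rates privileges required as HIGH (PR:H).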
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/98-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ECF7A49-9925-472F-9EBC-077BB42C4B5C", "versionEndExcluding": "98.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)." }, { "lang": "es", "value": "La funcionalidad WHM Locale Upload en cPanel versiones anteriores a 98.0.1, permite ataques de deserializaci\u00f3n (SEC-585)" } ], "id": "CVE-2021-38585", "lastModified": "2024-11-21T06:17:34.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.237", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite ciertas operaciones file-chmod en el archivo scripts/secureit (SEC-82)." 
} ], "id": "CVE-2016-10849", "lastModified": "2024-11-21T02:44:54.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3ACD0003-3D8E-4B4C-9771-5D00B64900D4", "versionEndExcluding": "66.0.1", "versionStartIncluding": "65.9999.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.1, no realiza de manera confiable las operaciones de suspender/no suspender en cuentas (CPANEL-13941)." } ], "id": "CVE-2017-18431", "lastModified": "2024-11-21T03:20:06.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.773", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, no conserva los permisos para el transporte del respaldo local (SEC-330)." 
} ], "id": "CVE-2017-18397", "lastModified": "2024-11-21T03:20:01.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, crea archivos legibles por todos los usuarios durante el uso de WHM Apache Includes Editor (SEC-388)." 
} ], "id": "CVE-2018-20952", "lastModified": "2024-11-21T04:02:32.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.313", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS auto almacenado en la p\u00e1gina de inicio de sesi\u00f3n de Security Questions (SEC-446)." } ], "id": "CVE-2018-20881", "lastModified": "2024-11-21T04:02:23.007", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.867", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 18:16
Modified
2024-11-21 05:56
Severity ?
Summary
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/92-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/92-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "93A76F3F-4B0C-4F13-94D7-98F70BBAE205", "versionEndExcluding": "92.0.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)." }, { "lang": "es", "value": "cPanel versiones anteriores a 92.0.9, permite a un usuario de MySQL (que presenta un hash de contrase\u00f1a antiguo) omitir una suspensi\u00f3n (SEC-579)" } ], "id": "CVE-2021-26267", "lastModified": "2024-11-21T05:56:00.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T18:16:25.943", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a una cuenta Webmail ejecutar c\u00f3digo por medio de forwarders (SEC-240)." 
} ], "id": "CVE-2017-18437", "lastModified": "2024-11-21T03:20:07.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite a los atacantes leer accesshash de root por medio del archivo /cgi/trustclustermaster.cgi de WHM (SEC-364)." } ], "id": "CVE-2018-20913", "lastModified": "2024-11-21T04:02:27.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS auto almacenado en listdbs de la API1 de postgres (SEC-181)." 
} ], "id": "CVE-2016-10782", "lastModified": "2024-11-21T02:44:44.217", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de la interfaz del proveedor de cpaddons (SEC-391)." 
} ], "id": "CVE-2018-20928", "lastModified": "2024-11-21T04:02:29.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.677", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite a los miembros del grupo nobody leer las claves SSL del servidor HTTP de Apache (SEC-186)." 
} ], "id": "CVE-2016-10786", "lastModified": "2024-11-21T02:44:44.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.903", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows FTP access during account suspension (SEC-449)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite acceso FTP durante una suspensi\u00f3n de cuenta (SEC-449)." } ], "id": "CVE-2018-20883", "lastModified": "2024-11-21T04:02:23.290", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:13.007", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": 
"https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite operaciones arbitrarias de sobrescritura de archivos en el archivo scripts/check_system_storable (SEC-78)." 
} ], "id": "CVE-2016-10845", "lastModified": "2024-11-21T02:44:53.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite la ejecuci\u00f3n de c\u00f3digo mediante cuentas webmail y demo por medio de una llamada de la API de store_filter (SEC-236)." 
} ], "id": "CVE-2017-18433", "lastModified": "2024-11-21T03:20:06.537", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.3, maneja inapropiadamente la ruta de filtro Exim, conllevando a una ejecuci\u00f3n de c\u00f3digo remota (SEC-485)" } ], "id": "CVE-2020-26098", "lastModified": "2024-11-21T05:19:13.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:13.613", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C26391-C053-4410-A145-8BED0235D4B7", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.52.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "034B4A2E-5445-44D2-94F9-E1176BF78B56", "versionEndExcluding": "56.0.15", "versionStartIncluding": "56.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite la inyecci\u00f3n SQL por medio del archivo de registro TailWatch de ModSecurity (SEC-123)." 
} ], "id": "CVE-2016-10817", "lastModified": "2024-11-21T02:44:49.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, no bloquea un nombre de usuario de postmaster, lo que podr\u00eda permitir la recepci\u00f3n de correo electr\u00f3nico privado (SEC-326)." 
} ], "id": "CVE-2017-18393", "lastModified": "2024-11-21T03:20:00.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.363", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite un ataque de tipo auto-XSS almacenado por medio del editor de archivos HTML (SEC-535)." } ], "id": "CVE-2020-10114", "lastModified": "2024-11-21T04:54:50.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.533", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite modificaciones arbitrarias de archivos de zona debido al manejo incorrecto de registros CAA (SEC-439)." 
} ], "id": "CVE-2018-20892", "lastModified": "2024-11-21T04:02:24.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58)." }, { "lang": "es", "value": "La funcionalidad journal de SQLite en cPanel anterior a versi\u00f3n 57.9999.54, permite operaciones arbitrarias de sobrescritura de archivos durante la Restauraci\u00f3n de Horde (SEC-58)." 
} ], "id": "CVE-2016-10804", "lastModified": "2024-11-21T02:44:47.477", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 8.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 9.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7965732-3FD2-415F-A698-3CFE5F74024F", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite un ataque de tipo XSS propio durante la creaci\u00f3n de una cuenta ftp bajo dominios addon. (SEC-118)." 
} ], "id": "CVE-2016-10813", "lastModified": "2024-11-21T02:44:48.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:12.673", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, permite a los usuarios locales escalar hacia un acceso root debido un an\u00e1lisis inapropiado de la cach\u00e9 de datos de usuario (SEC-479)." } ], "id": "CVE-2019-14400", "lastModified": "2024-11-21T04:26:40.463", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187)." }, { "lang": "es", "value": "La funcionalidad de Control de Acceso del Host en cPanel anterior a versi\u00f3n 60.0.25, maneja inapropiadamente las entradas host.deny sin acci\u00f3n (SEC-187)." 
} ], "id": "CVE-2016-10787", "lastModified": "2024-11-21T02:44:44.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite la omisi\u00f3n de la suspensi\u00f3n de cuenta por medio de ftp (SEC-105)." 
} ], "id": "CVE-2016-10834", "lastModified": "2024-11-21T02:44:51.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-358" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
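cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). Note: the CPE match in the record below gives versionEndExcluding 88.0.3, not 88.0.13, so version matching driven by that CPE range would not flag 88.0.3 through 88.0.12; check the fixed version against the linked 88 change log.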
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.13, permite omitir un mecanismo de protecci\u00f3n que intentaba restringir la modificaci\u00f3n del paquete (SEC-557)" } ], "id": "CVE-2020-26109", "lastModified": "2024-11-21T05:19:15.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar comandos de la API en SSH (SEC-248)." 
} ], "id": "CVE-2017-18444", "lastModified": "2024-11-21T03:20:08.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5BD6FC3-11D4-47B4-8BD3-CF2CBE7B1138", "versionEndExcluding": "56.0.52", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "736F9A38-5BD2-441A-A9D3-25BF752C8928", "versionEndExcluding": "60.0.48", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F311F5-58EF-4985-A79D-8614EB1A0709", "versionEndExcluding": "64.0.40", "versionStartIncluding": "62.0.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A63076C-335A-47AD-AEF5-6556B630770D", "versionEndExcluding": "66.0.23", "versionStartIncluding": "64.0.42", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B349761-D09A-477E-93D9-E053A2AC8732", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "66.0.24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, permite operaciones arbitrarias de sobrescritura de archivos durante una actualizaci\u00f3n del esquema SQLite de Roundcube (SEC-303)." 
} ], "id": "CVE-2017-18416", "lastModified": "2024-11-21T03:20:04.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.897", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite un ataque de tipo XSS propio en Branding Images de Reseller X3 (SEC-88)." 
} ], "id": "CVE-2016-10822", "lastModified": "2024-11-21T02:44:50.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon the enabling of backups (SEC-342)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer el archivo crontab de root durante un intervalo de tiempo corto al habilitar las copias de seguridad (SEC-342)." 
} ], "id": "CVE-2018-20940", "lastModified": "2024-11-21T04:02:31.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
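cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359). Note: the NVD record below lists CWE-79 (cross-site scripting) as the weakness, which does not match this description; having "." in @INC is a module search-path problem, so do not rely on the CWE field alone when filtering or triaging this entry.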
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows code execution because \".\" is in @INC during a Perl syntax check of cpaddonsup (SEC-359)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite la ejecuci\u00f3n de c\u00f3digo debido a que un \".\" est\u00e1 en @INC durante una comprobaci\u00f3n de sintaxis de Perl de cpaddonsup (SEC-359)." } ], "id": "CVE-2018-20911", "lastModified": "2024-11-21T04:02:27.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.763", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
Severity ?
Summary
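cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510). Note: the NVD record below scores this 2.1 (LOW) under CVSS v2 but 7.8 (HIGH) under CVSS v3.0, so the priority assigned depends on which metric a tool reads.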
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, permite a los usuarios locales descubrir la contrase\u00f1a root de MySQL (SEC-510)." } ], "id": "CVE-2019-14389", "lastModified": "2024-11-21T04:26:38.930", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98E0B897-CD1C-46D1-9F21-FB0FA041E8AA", "versionEndExcluding": "90.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.10, permite un ataque de tipo auto-XSS por medio de la interfaz Cron Editor. (SEC-574)" } ], "id": "CVE-2020-26115", "lastModified": "2024-11-21T05:19:16.373", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.770", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite la ejecuci\u00f3n de c\u00f3digo arbitrario no autenticada por medio de envenenamiento de entrada NS de DNS (SEC-90)." 
} ], "id": "CVE-2016-10824", "lastModified": "2024-11-21T02:44:50.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite a los atacantes realizar llamadas de la API que omiten la restricci\u00f3n de la funcionalidad backup (SEC-429)." 
} ], "id": "CVE-2018-20905", "lastModified": "2024-11-21T04:02:26.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477)." }, { "lang": "es", "value": "La funcionalidad de almacenamiento de certificados SSL en cPanel anterior a versi\u00f3n 78.0.18, permite operaciones de archivos no seguras en el contexto de la cuenta root (SEC-477)." } ], "id": "CVE-2019-14399", "lastModified": "2024-11-21T04:26:40.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-04 00:06
Modified
2024-11-21 00:06
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AA69338-184A-4B69-8BB6-6B05BA866F45", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en webmailaging.cgi en cPanel permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro numdays." } ], "id": "CVE-2006-0533", "lastModified": "2024-11-21T00:06:41.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-04T00:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure\u0026m=113894933522271\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18691" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22906" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113894933522271\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18691" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22906" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite un ataque de tipo XSS propio en la P\u00e1gina de Inicio de Paper Lantern (SEC-110)." 
} ], "id": "CVE-2016-10806", "lastModified": "2024-11-21T02:44:47.767", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado en Cl\u00faster DNS de WHM (SEC-372)." } ], "id": "CVE-2018-20918", "lastModified": "2024-11-21T04:02:28.170", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, no presenta una lista suficiente de nombres de usuario reservados (SEC-327)." 
} ], "id": "CVE-2017-18394", "lastModified": "2024-11-21T03:20:00.770", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.427", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB00CEC-8A7C-4A6D-B7F0-44888D0F654A", "versionEndExcluding": "60.0.45", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1A61832-3412-4384-B09C-4E559FCC2AC0", "versionEndExcluding": "62.0.27", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AE17BA2-BDD4-42E3-AA74-04B481FAFAB7", "versionEndExcluding": "64.0.33", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF1F5D15-72DA-4E1A-8531-E78BA42520EB", "versionEndExcluding": "66.0.2", "versionStartIncluding": "66.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, el archivo de configuraci\u00f3n del Servidor HTTP de Apache se cambia a legible para todo el mundo cuando se reconstruye (SEC-274)." 
} ], "id": "CVE-2017-18424", "lastModified": "2024-11-21T03:20:05.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity ?
Summary
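In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). For triage: the NVD record below scores this AV:N/PR:N (7.5 HIGH under CVSS 3.1) and classifies it as CWE-362. The description does not state whether exploitation requires a local account, so confirm the preconditions in the linked change log before relying on the network vector.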
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F4671AC-FD88-400B-9442-92A6810E67BB", "versionEndExcluding": "96.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 96.0.13, scripts/fix-cpanel-perl maneja inapropiadamente la creaci\u00f3n de archivos temporales (SEC-586)" } ], "id": "CVE-2021-38587", "lastModified": "2024-11-21T06:17:35.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1.0_r85:*:*:*:*:*:*:*", "matchCriteriaId": "4D9DDCBE-8A9C-44FC-8A24-47933CE057F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": 
"cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker\u0027s script after the user\u0027s script, which executes the attacker\u0027s script with the user\u0027s privileges, a different vulnerability than CVE-2004-0529." }, { "lang": "es", "value": "cPanel, cuando se compila Apache 1.3.29 y PHP con la opci\u00f3n mod_phpsuexec, no establece la opci\u00f3n --enable-discard-path, lo que hace que php use la variable SCRIPT_FILENAME para ejecutar un script en lugar de la variable PATH_TRANSLATED, lo que permite a usuarios locales ejecutar c\u00f3digo PHP de su elecci\u00f3n como otros usuarios mediante una URL que referencia al script del atacante con los privilegios del usuario, una vulnerabilidad distinta de CAN-2004-0529." 
} ], "id": "CVE-2004-0490", "lastModified": "2024-11-20T23:48:42.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" }, { "source": "cve@mitre.org", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" }, { "source": "cve@mitre.org", "url": "http://www.a-squad.com/audit/explain10.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/364112" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10407" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.a-squad.com/audit/explain10.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/364112" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10407" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, maneja inapropiadamente la suspensi\u00f3n de cuenta debido a un archivo email_accounts.json no valido (SEC-445)." } ], "id": "CVE-2018-20880", "lastModified": "2024-11-21T04:02:22.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.803", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
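cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435). The CPE data in the record below holds three ranges, ending at 62.0.47, 68.0.39 and 70.0.43, and none ending at 71.9980.37, so version matching against the CPE data alone will not flag 71.x builds older than that.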
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite operaciones de lectura de archivos arbitrarias durante el manejo de plantilla personalizada de pkgacct (SEC-435)." 
} ], "id": "CVE-2018-20908", "lastModified": "2024-11-21T04:02:26.733", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
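cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). The CPE ranges in the record below list a fixed build per release branch (62.0.39, 66.0.35 and 68.0.27), so compare an installed version against the range for its own branch.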
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite un ataque de tipo XSS auto almacenado en Account Transfer de WHM. (SEC-386)." 
} ], "id": "CVE-2018-20950", "lastModified": "2024-11-21T04:02:32.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.5, permite la ejecuci\u00f3n de c\u00f3digo local en el contexto de una cuenta de cPanel diferente debido a la ejecuci\u00f3n no confiable de cpphp (SEC-486)." } ], "id": "CVE-2019-14393", "lastModified": "2024-11-21T04:26:39.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.060", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity ?
Summary
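cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133). The CPE ranges in the record below list a fixed build per release branch (56.0.27 and 58.0.4), so compare an installed version against the range for its own branch.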
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows WHM \"Purchase and Install an SSL Certificate\" page visitors to list all server domains (SEC-133)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, permite a los visitantes de la p\u00e1gina de WHM \"Purchase and Install an SSL Certificate\" enumerar todos los dominios del servidor (SEC-133)." } ], "id": "CVE-2016-10797", "lastModified": "2024-11-21T02:44:46.473", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.877", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
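cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). The CPE ranges in the record below list a fixed build per release branch (11.48.5.2, 11.50.4.3, 11.52.2.4 and 11.54.0.4), so compare an installed version against the range for its own branch rather than against 11.54.0.4 alone.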
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite la ejecuci\u00f3n de c\u00f3digo arbitraria durante una duplicaci\u00f3n local (SEC-72)." 
} ], "id": "CVE-2016-10840", "lastModified": "2024-11-21T02:44:52.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.460", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1FDBAC3-209F-487D-90DE-A1CE84159C10", "versionEndExcluding": "88.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.13, permite un ataque de tipo auto-XSS por medio de las interfaces DNS Zone Manager DNSSEC (SEC-564)" } ], "id": "CVE-2020-26110", "lastModified": "2024-11-21T05:19:15.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.473", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity: 5.4 MEDIUM (CVSS 3.0), 3.5 LOW (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite un ataque de tipo XSS almacenado durante una actualizaci\u00f3n moderada de cpaddons (SEC-336)." 
} ], "id": "CVE-2017-18402", "lastModified": "2024-11-21T03:20:01.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.990", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
Severity: 5.4 MEDIUM (CVSS 3.0), 3.5 LOW (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, ha almacenado XSS en la interfaz de WHM Modify Account (SEC-512)." } ], "id": "CVE-2019-14390", "lastModified": "2024-11-21T04:26:39.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
Severity: 5.4 MEDIUM (CVSS 3.0), 3.5 LOW (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, presenta un XSS almacenado en la interfaz de WHM Tomcat Manager (SEC-504)." } ], "id": "CVE-2019-14386", "lastModified": "2024-11-21T04:26:38.487", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity: 8.1 HIGH (CVSS 3.0), 5.5 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite una inyecci\u00f3n SQL en el archivo bin/horde_update_usernames (SEC-71)." 
} ], "id": "CVE-2016-10839", "lastModified": "2024-11-21T02:44:52.583", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity: 8.8 HIGH (CVSS 3.0), 6.5 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
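cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). (The CPE match ranges in the record below stop at 56.0.15 and contain no entry for the 57.9999.x series named here, so a scanner matching on CPE alone would not flag a 57.9999.x build older than 57.9999.54.)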
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite el escape del modo demo por medio del archivo show_template.stor (SEC-119)." 
} ], "id": "CVE-2016-10814", "lastModified": "2024-11-21T02:44:48.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.143", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity: 2.5 LOW (CVSS 3.0), 1.9 LOW (CVSS 2.0), per the NVD metrics in the record below
Summary
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B", "versionEndExcluding": "56.0.51", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE", "versionEndExcluding": "58.0.52", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53", "versionEndExcluding": "60.0.45", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931", "versionEndExcluding": "62.0.27", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477", "versionEndExcluding": "64.0.33", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011", "versionEndExcluding": "66.0.2", "versionStartIncluding": "65.9999.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, los domlogs del Servidor HTTP de Apache se vuelven legibles por todo el mundo temporalmente durante el procesamiento de registros (SEC-290)." 
} ], "id": "CVE-2017-18428", "lastModified": "2024-11-21T03:20:05.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity: 6.1 MEDIUM (CVSS 3.0), 4.3 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, presenta una vulnerabilidad de tipo XSS almacenado en la interfaz de WHM MultiPHP Manager (SEC-464)." } ], "id": "CVE-2018-20868", "lastModified": "2024-11-21T04:02:21.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.890", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity: 5.3 MEDIUM (CVSS 3.0), 5.0 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.2, no restringe apropiadamente las cuentas demo de escritura en los archivos por medio de la UAPI de DCV (SEC-473)." } ], "id": "CVE-2019-14411", "lastModified": "2024-11-21T04:26:42.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.140", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity: 4.3 MEDIUM (CVSS 3.0), 4.0 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite una omisi\u00f3n de cPHulk en protocolo POP/IMAP por medio de nombre de cuenta munging (SEC-107)." 
} ], "id": "CVE-2016-10835", "lastModified": "2024-11-21T02:44:52.020", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.127", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:17
Severity: 8.1 HIGH (CVSS 3.1), 5.5 MEDIUM (CVSS 2.0), per the NVD metrics in the record below
Summary
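In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588). (The CPE match in the record below writes the boundary as 11.96.0.13 rather than 96.0.13; confirm which form your inventory reports before comparing versions.)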
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/96-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EE7F7F3-A24D-4479-AB6E-53C457D0E0DE", "versionEndExcluding": "11.96.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 96.0.13, scripts/fix-cpanel-perl no restringe apropiadamente la sobreescritura de archivos (SEC-588)" } ], "id": "CVE-2021-38589", "lastModified": "2024-11-21T06:17:35.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:08.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite un ataque de tipo XSS reflejado en las interfaces reset-password (SEC-198)." 
} ], "id": "CVE-2017-18472", "lastModified": "2024-11-21T03:20:11.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite un ataque de tipo XSS propio en funcionalidad Backup Restoration de cPanel (SEC-383)." 
} ], "id": "CVE-2018-20948", "lastModified": "2024-11-21T04:02:32.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:13.030", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not block a username of ssl (SEC-328)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, no bloquea un nombre de usuario del protocolo SSL (SEC-328)." 
} ], "id": "CVE-2017-18395", "lastModified": "2024-11-21T03:20:00.910", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.490", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite ciertas operaciones de file-chmod por medio del archivo /scripts/convert_roundcube_mysql2sqlite (SEC-255)." 
} ], "id": "CVE-2017-18450", "lastModified": "2024-11-21T03:20:08.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite a atacantes leer una base de datos arbitraria por medio de un flujo de volcado MySQL (SEC-531)." } ], "id": "CVE-2019-20495", "lastModified": "2024-11-21T04:38:36.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2020-03-17T15:15:13.110", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite que las cuentas demo ejecuten c\u00f3digo por medio de una llamada de la API de NVData_fetchinc (SEC-233)." 
} ], "id": "CVE-2017-18469", "lastModified": "2024-11-21T03:20:11.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.777", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS almacenado en la API de ftp_sessions (SEC-180)." 
} ], "id": "CVE-2016-10780", "lastModified": "2024-11-21T02:44:43.950", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-12-31 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl\u0027s @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." } ], "id": "CVE-2003-1426", "lastModified": "2024-11-20T23:47:07.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6885" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/6885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" } 
], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-16" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar c\u00f3digo por medio de la API de ClamScanner_getsocket (SEC-251)." 
} ], "id": "CVE-2017-18447", "lastModified": "2024-11-21T03:20:08.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.967", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de la cuenta root debido a permisos d\u00e9biles en copias de seguridad de tipo incremental (SEC-322)." 
} ], "id": "CVE-2017-18390", "lastModified": "2024-11-21T03:20:00.207", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.903", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-27 15:30
Modified
2024-11-21 01:10
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N); the record carries no CVSS v3 score
Summary
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cpanel | cpanel | 11.0 | |
cpanel | cpanel | 11.4.19 | |
cpanel | cpanel | 11.16 | |
cpanel | cpanel | 11.18 | |
cpanel | cpanel | 11.18.1 | |
cpanel | cpanel | 11.18.2 | |
cpanel | cpanel | 11.18.3 | |
cpanel | cpanel | 11.18.4 | |
cpanel | cpanel | 11.19.3 | |
cpanel | cpanel | 11.21 | |
cpanel | cpanel | 11.21 (beta) | |
cpanel | cpanel | 11.22 | |
cpanel | cpanel | 11.22.1 | |
cpanel | cpanel | 11.22.2 | |
cpanel | cpanel | 11.22.3 | |
cpanel | cpanel | 11.24 | |
cpanel | cpanel | 11.24.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "D42E0955-7BDB-470A-B487-8A33C4C30800", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "CCC97216-E9A0-467B-86D7-8F4DB146220C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.16:*:*:*:*:*:*:*", "matchCriteriaId": "6E3919CF-D66F-4713-8E34-F4C9E9EDFB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18:*:*:*:*:*:*:*", "matchCriteriaId": "CF562242-C032-4D52-9464-91EF5C9EEA9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "80AD4CE4-714E-4949-B676-F1F692172773", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC2F2A-3A9C-4B7D-8B20-4DBEB6DF9532", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "064D2D20-2410-4BF5-BEAB-B0FEA6858814", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:*:*:*:*:*:*:*", "matchCriteriaId": "80CEE914-DB4B-4777-B8BD-A8EAE6526E1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.21:beta:*:*:*:*:*:*", "matchCriteriaId": "5BB81672-314F-49D4-AD9E-CA8D1A14CD45", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22:*:*:*:*:*:*:*", "matchCriteriaId": "67891987-C727-45FF-B027-11B25D2849D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "011314F7-1977-453B-B308-DB776DF604E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"051B4B2E-BF9B-4EA8-973B-6D96A1618F24", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.22.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E3915A3-45AA-4B53-9990-2FED41439D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.24:*:*:*:*:*:*:*", "matchCriteriaId": "C1FA032B-D404-4648-A380-CF349FBD6023", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.24.7:*:*:*:*:*:*:*", "matchCriteriaId": "8D4A0F2A-1327-4CDE-8A7D-9699A240C329", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en frontend/x3/files/fileop.html en cPanel 11.0 a 11.24.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"fileop\"." 
} ], "id": "CVE-2009-4823", "lastModified": "2024-11-21T01:10:33.030", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-04-27T15:30:00.953", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/61231" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37826" }, { "source": "cve@mitre.org", "url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/10519" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/37394" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/61231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/10519" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37394" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2009/3608" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
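Severity: 6.5 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N); 6.8 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:S/C:C/I:N/A:N)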
Summary
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.4, permite operaciones de lectura de archivos arbitrarias por medio de valuaciones de Exim (SEC-201)." 
} ], "id": "CVE-2017-18474", "lastModified": "2024-11-21T03:20:12.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.137", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
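Severity: 5.4 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); 3.5 LOW (CVSS v2.0, AV:N/AC:M/Au:S/C:N/I:P/A:N)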
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7408F14F-6D46-411A-B62A-08F632537813", "versionEndExcluding": "66.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite un ataque de tipo XSS almacenado durante la instalaci\u00f3n de WHM (SEC-263)." } ], "id": "CVE-2017-18417", "lastModified": "2024-11-21T03:20:04.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:11.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
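Severity: 8.8 HIGH (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 6.5 MEDIUM (CVSS v2.0, AV:N/AC:L/Au:S/C:P/I:P/A:P)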
Summary
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.54, permite que las cuentas demo ejecuten c\u00f3digo arbitrario por medio del archivo ajax_maketext_syntax_util.pl (SEC-109)." 
} ], "id": "CVE-2016-10805", "lastModified": "2024-11-21T02:44:47.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
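Severity: 7.1 HIGH (CVSS v3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); 3.6 LOW (CVSS v2.0, AV:L/AC:L/Au:N/C:P/I:P/A:N)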
Summary
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite operaciones file-chmod arbitrarias durante el legado de copias de seguridad de tipo incremental (SEC-338)." 
} ], "id": "CVE-2018-20909", "lastModified": "2024-11-21T04:02:26.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.623", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
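Severity: 3.3 LOW (CVSS v3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); 2.1 LOW (CVSS v2.0, AV:L/AC:L/Au:N/C:N/I:P/A:N)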
Summary
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, no aplica restricciones de lista de funcionalidades cuando se llama a adminbin multilang (SEC-168)." 
} ], "id": "CVE-2016-10772", "lastModified": "2024-11-21T02:44:42.813", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.497", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-11-14 19:07
Modified
2024-11-21 00:20
Severity: 3.5 LOW (CVSS v2.0, AV:N/AC:M/Au:S/C:N/I:P/A:N); the record carries no CVSS v3 score
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "matchCriteriaId": "D0F23C1C-4F4E-4BFA-8FF2-51BF76EAE0C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) par\u00e1metro dir en (a) seldir.html, y los par\u00e1metros (2) user y (3) dir en (b) newuser.html." } ], "id": "CVE-2006-5883", "lastModified": "2024-11-21T00:20:57.137", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-11-14T19:07:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://aria-security.net/advisory/cpanel.txt" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22825" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1847" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/30386" }, { "source": "cve@mitre.org", "url": 
"http://www.osvdb.org/30387" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21027" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://aria-security.net/advisory/cpanel.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22825" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1847" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/30387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/21027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4500" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
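Severity: 6.1 MEDIUM (CVSS v3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N)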
Summary
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, presenta una vulnerabilidad de tipo XSS Propia en las plantillas maestras del cPanel y webmail (SEC-506)." } ], "id": "CVE-2019-14387", "lastModified": "2024-11-21T04:26:38.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.093", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-05-01 19:05
Modified
2024-11-21 00:45
Severity: 4.3 MEDIUM (CVSS v2.0, AV:N/AC:M/Au:N/C:N/I:P/A:N); the record carries no CVSS v3 score
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:11.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "04480CFC-EA47-4723-B23D-0C415598D254", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en cPanel, posiblemente 11.18.3 y 11.19.3, permite a los atacantes remotos (1) ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro command1 en frontend/x2/cron/editcronsimple.html, y realizar varias acciones administrativas a trav\u00e9s de (2) frontend/x2/sql/adddb.html (3) frontend/x2/sql/adduser.html, y (4) frontend/x2/ftp/doaddftp.html." 
} ], "evaluatorComment": "Additional information can be found at:\r\n\r\nhttp://secunia.com/advisories/30027/\r\n\r\nhttp://www.frsirt.com/english/advisories/2008/1401\r\n\r\nhttp://blog.cpanel.net/?p=39", "id": "CVE-2008-2043", "lastModified": "2024-11-21T00:45:57.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-05-01T19:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30027" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/584089" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.rooksecurity.com/blog/?p=7" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1401/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30027" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/584089" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.rooksecurity.com/blog/?p=7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1401/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/42114" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity: LOW (CVSS v3.0 base score 2.7); MEDIUM (CVSS v2.0 base score 4.0)
Summary
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite el uso de una direcci\u00f3n de correo electr\u00f3nico no reservada en los registros SOA de la zona DNS (SEC-306)." 
} ], "id": "CVE-2017-18382", "lastModified": "2024-11-21T03:19:59.067", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:19
Severity: HIGH (CVSS v3.0 base score 7.8); MEDIUM (CVSS v2.0 base score 4.6)
Summary
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, escribe copias de seguridad del directorio de inicio en una ubicaci\u00f3n incorrecta (SEC-309)." 
} ], "id": "CVE-2017-18383", "lastModified": "2024-11-21T03:19:59.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-09-01 16:30
Modified
2024-11-21 00:58
Severity: MEDIUM (CVSS v2.0 base score 5.0)
Summary
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:11.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "53A19523-B3B1-48E6-A202-CEB1CBD2DDB4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio absoluto en el m\u00f3dulo Disk Usage (frontend/x/diskusage/index.html) en cPanel v11.18.3 permite a atacantes remotos listar directorios arbitrariamente a trav\u00e9s del par\u00e1metro showtree." } ], "id": "CVE-2008-7142", "lastModified": "2024-11-21T00:58:22.707", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-01T16:30:00.517", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/51582" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489747/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28300" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28300/exploit" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41266" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://osvdb.org/51582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489747/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/28300/exploit" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41266" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity: HIGH (CVSS v3.0 base score 7.5); HIGH (CVSS v2.0 base score 8.5)
Summary
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite la ejecuci\u00f3n de c\u00f3digo arbitraria debido a una ruta (path) no segura de @INC (SEC-46)." 
} ], "id": "CVE-2016-10837", "lastModified": "2024-11-21T02:44:52.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-426" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity: LOW (CVSS v3.0 base score 3.1); MEDIUM (CVSS v2.0 base score 4.9)
Summary
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite que los datos del dominio sean eliminados para dominios con el TLD .lock (SEC-341)." 
} ], "id": "CVE-2017-18404", "lastModified": "2024-11-21T03:20:02.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.130", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-08-10 20:30
Modified
2024-11-21 00:57
Severity: MEDIUM (CVSS v2.0 base score 6.8)
Summary
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
References
Impacted products
Vendor | Product | Version
---|---|---
cpanel | cpanel | *
netenberg | fantastico_de_luxe | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:netenberg:fantastico_de_luxe:*:*:*:*:*:*:*:*", "matchCriteriaId": "54FEA113-975A-4252-9418-64F11FF98E32", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory." }, { "lang": "es", "value": "Una vulnerabilidad de salto de directorio en el archivo autoinstall4imagesgalleryupgrade.php en el M\u00f3dulo Fant\u00e1stico De Luxe para cPanel, permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios por medio de secuencias de salto de directorio en el par\u00e1metro scriptpath_show en una acci\u00f3n GoAhead. NOTA: este problema solo cruza los l\u00edmites de privilegios cuando las configuraciones de seguridad, como disable_functions y safe_mode, est\u00e1n activas, ya que la explotaci\u00f3n requiere la carga de c\u00f3digo ejecutable en un directorio de inicio." 
} ], "id": "CVE-2008-6926", "lastModified": "2024-11-21T00:57:49.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-10T20:30:00.453", "references": [ { "source": "cve@mitre.org", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498526" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498529" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32016" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6897" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/32016" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6897" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity: MEDIUM (CVSS v3.0 base score 5.4); LOW (CVSS v2.0 base score 3.5)
Summary
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS almacenado durante la fase de eliminaci\u00f3n de homedir de una finalizaci\u00f3n de Cuenta de WHM (SEC-174)." 
} ], "id": "CVE-2016-10776", "lastModified": "2024-11-21T02:44:43.383", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity: HIGH (CVSS v3.0 base score 7.3); MEDIUM (CVSS v2.0 base score 4.9)
Summary
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 70.0.23, los proveedores de OpenID pueden inyectar datos arbitrarios en los archivos de sesi\u00f3n de cPanel (SEC-368)." } ], "id": "CVE-2018-20914", "lastModified": "2024-11-21T04:02:27.587", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.967", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE91306B-6904-409F-B07B-138F02A33F40", "versionEndExcluding": "56.0.49", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBC7D380-7D81-410E-BCBA-849B43DF3D9B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30C71E1-3637-4822-BB84-7DD3888F30DB", "versionEndExcluding": "60.0.43", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C618804-1CA5-4B06-9707-9B61F8A7F642", "versionEndExcluding": "62.0.24", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7DCF36-29DD-4EBC-8F12-2951DF18FDA8", "versionEndExcluding": "64.0.21", "versionStartIncluding": "64.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, no conserva los grupos suplementarios tras los cambios de nombre de cuenta (SEC-260)." 
} ], "id": "CVE-2017-18453", "lastModified": "2024-11-21T03:20:09.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n Synchronize DNS Records de WHM (SEC-377)." } ], "id": "CVE-2018-20923", "lastModified": "2024-11-21T04:02:28.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.5, permite que las cuentas demo ejecuten c\u00f3digo arbitrario por medio del archivo ajax_maketext_syntax_util.pl (SEC-498)." } ], "id": "CVE-2019-14398", "lastModified": "2024-11-21T04:26:40.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE17C627-68A7-40AC-88E6-45EF6C5F8298", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.125", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS in via a WHM \"Reset a DNS Zone\" action (SEC-412)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n \"Reset a DNS Zone\" WHM (SEC-412)." 
} ], "id": "CVE-2018-20935", "lastModified": "2024-11-21T04:02:30.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:14.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite un ataque de tipo XSS propio en Branding Images de Reseller X3 (SEC-88)." 
} ], "id": "CVE-2016-10823", "lastModified": "2024-11-21T02:44:50.257", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.343", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1FDBAC3-209F-487D-90DE-A1CE84159C10", "versionEndExcluding": "88.0.13", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.13, maneja inapropiadamente el env\u00edo de extensiones de archivo, conllevando a una ejecuci\u00f3n de c\u00f3digo (SEC-488)" } ], "id": "CVE-2020-26108", "lastModified": "2024-11-21T05:19:15.033", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.347", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite omitir la autenticaci\u00f3n porque los nombres de usuario de correo web son procesados inconsistentemente (SEC-499)." 
} ], "id": "CVE-2019-20490", "lastModified": "2024-11-21T04:38:36.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:12.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS propio en la interfaz Site Software Moderation (SEC-434)." } ], "id": "CVE-2018-20876", "lastModified": "2024-11-21T04:02:22.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.540", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": 
"https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite que las cuentas demo ejecuten c\u00f3digo arbitrario mediante la API de la funci\u00f3n Fileman::viewfile (SEC-444)." } ], "id": "CVE-2018-20879", "lastModified": "2024-11-21T04:02:22.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, cuando es usado PowerDNS, permite una ejecuci\u00f3n de c\u00f3digo arbitraria como root por medio de dnsadmin. (SEC-537)." } ], "id": "CVE-2020-10115", "lastModified": "2024-11-21T04:54:50.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2020-03-17T15:15:13.627", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.3, presenta permisos d\u00e9biles (de tipo world readable) para el archivo de registro de subdominios proxy (SEC-558)" } ], "id": "CVE-2020-26106", "lastModified": "2024-11-21T05:19:14.660", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity: 8.8 HIGH (CVSS v3.1), 6.5 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
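cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516). Note: the affected-version ranges in the record below also list 83.9999.115 up to (but excluding) 84.0.10 as vulnerable, so builds on the 84 branch below 84.0.10 are affected even though they are numerically later than 82.0.18; the 78 branch is listed as affected below 78.0.43.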
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite omitir la autenticaci\u00f3n debido al an\u00e1lisis inapropiado del formato del archivo de contrase\u00f1a (SEC-516)." 
} ], "id": "CVE-2019-20492", "lastModified": "2024-11-21T04:38:36.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:12.893", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity: 8.8 HIGH (CVSS v3.0), 9.0 HIGH (CVSS v2.0) — NVD primary scores from the record below
Summary
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, el archivo /scripts/enablefileprotect expuso los TTY (SEC-117)." 
} ], "id": "CVE-2016-10812", "lastModified": "2024-11-21T02:44:48.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:13.123", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity: 8.8 HIGH (CVSS v3.0), 6.5 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 62.0.4, los filtros canalizados de Exim se ejecutaron en el contexto de una cuenta de usuario incorrecta durante la entrega para un usuario del sistema (SEC-204)." 
} ], "id": "CVE-2017-18475", "lastModified": "2024-11-21T03:20:12.437", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.200", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-08-22 17:04
Modified
2024-11-21 00:15
Severity: 4.3 MEDIUM (CVSS v2.0) — NVD primary score from the record below
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "matchCriteriaId": "D0F23C1C-4F4E-4BFA-8FF2-51BF76EAE0C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) dir de dohtaccess.html, o el par\u00e1metro (2) file en (a) editit.html o (b) showfile.html." } ], "id": "CVE-2006-4293", "lastModified": "2024-11-21T00:15:35.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-08-22T17:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21592" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1442" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28041" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28042" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28043" }, { 
"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19624" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity: 6.5 MEDIUM (CVSS v3.0), 6.8 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite operaciones file-chown arbitrarias por medio de la funci\u00f3n reassign_post_terminate_cruft (SEC-173)." 
} ], "id": "CVE-2016-10775", "lastModified": "2024-11-21T02:44:43.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.700", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity: 7.5 HIGH (CVSS v3.0), 5.0 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "21055501-5E12-4498-8875-FB5EDC2523B2", "versionEndExcluding": "57.9999.105", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 57.9999.105, permite la inyecci\u00f3n de newline por medio de registros LOC (CPANEL-6923)." } ], "id": "CVE-2016-10803", "lastModified": "2024-11-21T02:44:47.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-93" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity: 6.1 MEDIUM (CVSS v3.1), 4.3 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite un ataque de tipo auto-XSS por medio de una especificaci\u00f3n de un juego de caracteres temporal (SEC-515)." } ], "id": "CVE-2020-10113", "lastModified": "2024-11-21T04:54:50.667", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2020-03-17T15:15:13.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity: 8.8 HIGH (CVSS v3.0), 9.0 HIGH (CVSS v2.0) — NVD primary scores from the record below
Summary
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "05439744-CE36-4417-AD79-75C030D14CF0", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D01461E-2FCC-476C-8DA1-D353501A3502", "versionEndExcluding": "56.0.15", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF56A6AB-6824-4342-BB01-9E693DE90821", "versionEndExcluding": "57.9999.54", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, el archivo /scripts/maildir_converter expuso un TTY a un proceso no privilegiado (SEC-115)." 
} ], "id": "CVE-2016-10810", "lastModified": "2024-11-21T02:44:48.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.967", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity: 6.3 MEDIUM (CVSS v3.0), 6.5 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar c\u00f3digo por medio de una llamada de la API de ImageManager_dimensions (SEC-243)." 
} ], "id": "CVE-2017-18439", "lastModified": "2024-11-21T03:20:07.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
Severity: 6.5 MEDIUM (CVSS v3.0), 6.8 MEDIUM (CVSS v2.0) — NVD primary scores from the record below
Summary
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite operaciones de lectura de archivos arbitrarias debido a un error de procesamiento de formularios multiparte (SEC-99)." 
} ], "id": "CVE-2016-10829", "lastModified": "2024-11-21T02:44:51.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.687", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-552" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0005-full-disclosure/ | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3948284A-684D-4B8E-B745-E560BEE97D58", "versionEndExcluding": "70.0.57", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5258B190-67A6-434C-93C1-D2EC122BE75F", "versionEndExcluding": "74.0.8", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the WHM \"Create a New Account\" interface (SEC-428)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS propio en la interfaz \"Create a New Account\" de WHM (SEC-428)." } ], "id": "CVE-2018-20874", "lastModified": "2024-11-21T04:02:22.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-08-01T13:15:12.413", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-26 08:15
Modified
2024-11-21 06:06
Severity ?
Summary
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/94-change-log/ | Release Notes, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/94-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B291F269-577D-4EDD-8CE8-AD55C766AB22", "versionEndExcluding": "94.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)." }, { "lang": "es", "value": "cPanel versiones anteriores a 94.0.3, permite un ataque de tipo auto-XSS por medio de EasyApache 4 Save Profile (SEC-581)" } ], "id": "CVE-2021-31803", "lastModified": "2024-11-21T06:06:15.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-26T08:15:07.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/94-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/94-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-09 16:15
Modified
2024-11-21 04:32
Severity ?
Summary
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F8D235-EEA4-42B6-BF23-AB5FD9E7662B", "versionEndExcluding": "78.0.39", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46F3AB06-4280-4FCD-8DDC-393FA7444B53", "versionEndExcluding": "82.0.15", "versionStartIncluding": "81.9999.242", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.15, permite un ataque de tipo XSS auto almacenado en la interfaz WHM SSL Storage Manager (SEC-527)." } ], "id": "CVE-2019-17379", "lastModified": "2024-11-21T04:32:13.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2019-10-09T16:15:15.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2015-0006-full-disclosure.510181/ | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B899CE76-F4D2-4845-BF2F-5C7E24735526", "versionEndExcluding": "11.48.4.8", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA9A02AA-A447-4AD5-B6B4-0E0104A8E19D", "versionEndExcluding": "11.50.3.1", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF7E4948-CCFF-459D-8FF6-E385D50A57AD", "versionEndExcluding": "11.52.0.23", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAAF88E2-FF31-4FAE-A7F0-EF19973A4413", "versionEndExcluding": "11.52.1.1", "versionStartIncluding": "11.52.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.0, permite la ejecuci\u00f3n de c\u00f3digo arbitraria no autenticada por medio de envenenamiento de entrada NS de DNS (SEC-64)." 
} ], "id": "CVE-2016-10858", "lastModified": "2024-11-21T02:44:55.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2015-0006-full-disclosure.510181/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.5, permite a las cuentas demo modificar archivos arbitrarios por medio de la llamada extractfile API1 (SEC-496)." } ], "id": "CVE-2019-14397", "lastModified": "2024-11-21T04:26:40.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar c\u00f3digo por medio de la API de BoxTrapper (SEC-238)." 
} ], "id": "CVE-2017-18435", "lastModified": "2024-11-21T03:20:06.823", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:13.053", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7EBC48-3B0B-4641-9A6F-57229E8CE7D3", "versionEndExcluding": "64.0.40", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, permite un ataque de tipo XSS almacenado en las interfaces MySQL Password Change de WHM (SEC-282)." 
} ], "id": "CVE-2017-18408", "lastModified": "2024-11-21T03:20:02.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.363", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495)." }, { "lang": "es", "value": "El adminbin de API Analytics en cPanel anterior a versi\u00f3n 80.0.5, permite inserciones suplantadas de datos de registro (SEC-495)." } ], "id": "CVE-2019-14396", "lastModified": "2024-11-21T04:26:39.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-05 17:02
Modified
2024-11-21 00:12
Severity ?
Summary
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user\u0027s own open_basedir directive, but not the main server\u0027s open_basedir directive." } ], "id": "CVE-2006-2825", "lastModified": "2024-11-21T00:12:10.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-05T17:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/31835" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1039" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/31835" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "986CEA47-A182-4DFF-BE62-BA6CDBB34554", "versionEndExcluding": "74.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows stored XSS in WHM \"File and Directory Restoration\" interface (SEC-441)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.8, permite un ataque de tipo XSS almacenado en la interfaz \"File and Directory Restoration\" de WHM (SEC-441)." } ], "id": "CVE-2018-20878", "lastModified": "2024-11-21T04:02:22.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:12.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
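Severity
CVSS v3.0: 8.1 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); CVSS v2.0: 8.5 HIGH (AV:N/AC:L/Au:S/C:C/I:C/A:N)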
Summary
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite operaciones arbitrarias de file-chown y file-chmod durante las conversiones de bases de datos de Roundcube. (SEC-79)." 
} ], "id": "CVE-2016-10846", "lastModified": "2024-11-21T02:44:53.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
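Severity
CVSS v3.0: 8.8 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); CVSS v2.0: 9.0 HIGH (AV:N/AC:L/Au:S/C:C/I:C/A:C)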
Summary
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2016-0002-full-disclosure.534481/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E8E0F9-EE9B-4F69-8D53-87179BC1B6A9", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.52.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "27155D28-DF4C-41C6-A1BC-1EA661B01554", "versionEndExcluding": "11.54.0.20", "versionStartExcluding": "11.54.0.0.", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite que los demonios accedan a sus TTY de control (SEC-31)." 
} ], "id": "CVE-2016-10820", "lastModified": "2024-11-21T02:44:49.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:14.063", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2016-0002-full-disclosure.534481/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 02:44
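Severity
CVSS v3.0: 8.1 HIGH (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); CVSS v2.0: 5.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:N)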
Summary
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite la omisi\u00f3n de la ACL para aplicaciones AppConfig por medio de magic_revision (SEC-100)." 
} ], "id": "CVE-2016-10830", "lastModified": "2024-11-21T02:44:51.260", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:11.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
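Severity
CVSS v3.0: 5.5 MEDIUM (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N); CVSS v2.0: 4.9 MEDIUM (AV:L/AC:L/Au:N/C:N/I:C/A:N)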
Summary
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite la modificaci\u00f3n de archivos en el contexto de la cuenta root debido a una autenticaci\u00f3n HTTP incorrecta (SEC-424)." 
} ], "id": "CVE-2018-20888", "lastModified": "2024-11-21T04:02:23.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:C/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:11.987", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
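Severity
CVSS v3.0: 5.4 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0: 3.5 LOW (AV:N/AC:M/Au:S/C:N/I:P/A:N)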
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n Edit DNS Zone de WHM (SEC-369)." } ], "id": "CVE-2018-20915", "lastModified": "2024-11-21T04:02:27.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
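Severity
CVSS v3.0: 6.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N); CVSS v2.0: 4.0 MEDIUM (AV:N/AC:L/Au:S/C:P/I:N/A:N)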
Summary
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DBE994D-E107-4384-98AC-FE42A4BEBE68", "versionEndExcluding": "11.52.6.6", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2AF87F9-CFA5-4942-B62E-A0C032D86510", "versionEndExcluding": "11.54.0.29", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D5A07E2-FF68-4F7B-AE0B-EA7BB2710D32", "versionEndExcluding": "56.0.34", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0244CA83-34E0-435A-94AA-3D84151A4CD0", "versionEndExcluding": "58.0.29", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FC3C7FC-99F6-4307-BE35-08C4E2ABBA2E", "versionEndExcluding": "59.9999.145", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 59.9999.145, permite operaciones de lectura de archivos arbitrarias debido a un error de procesamiento de formularios multiparte (SEC-154)." 
} ], "id": "CVE-2016-10794", "lastModified": "2024-11-21T02:44:46.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
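Severity
CVSS v3.0: 6.3 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L); CVSS v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)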
Summary
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo ejecutar c\u00f3digo por medio de llamadas de la API de Encoding (SEC-242)." 
} ], "id": "CVE-2017-18438", "lastModified": "2024-11-21T03:20:07.287", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.403", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
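Severity
CVSS v3.0: 3.3 LOW (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); CVSS v2.0: 2.1 LOW (AV:L/AC:L/Au:N/C:N/I:P/A:N)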
Summary
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9899DDC-56E1-49F8-A162-A50269AAA8C4", "versionEndExcluding": "78.0.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.18, determina de forma no segura las capacidades del terminal mediante el uso de infocmp (SEC-481)." } ], "id": "CVE-2019-14402", "lastModified": "2024-11-21T04:26:40.723", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-11 16:15
Modified
2024-11-21 05:00
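Severity
CVSS v3.1: 8.1 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); CVSS v2.0: 5.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:N)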
Summary
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A5CC2C0-D870-43DD-A1BA-0F583C4F3356", "versionEndExcluding": "11.78.0.47", "versionStartIncluding": "11.78.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6260EEE-B41B-40F4-8737-21EE83B665B1", "versionEndExcluding": "11.84.0.22", "versionStartIncluding": "11.84.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B56BFF5-15A6-4D4C-B4B5-D7F8B9E40378", "versionEndExcluding": "11.86.0.14", "versionStartIncluding": "11.86.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540)." }, { "lang": "es", "value": "cPanel versiones anteriores a 86.0.14, permite a atacantes obtener acceso al directorio de trabajo actual por medio de la funcionalidad account backup (SEC-540)." 
} ], "id": "CVE-2020-12785", "lastModified": "2024-11-21T05:00:17.543", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-11T16:15:13.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
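Severity
CVSS v3.1: 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)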
Summary
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98E0B897-CD1C-46D1-9F21-FB0FA041E8AA", "versionEndExcluding": "90.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.10, permite un ataque de tipo auto-XSS por medio de la interfaz Cron Jobs (SEC-573)" } ], "id": "CVE-2020-26114", "lastModified": "2024-11-21T05:19:16.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
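Severity: 7.8 HIGH (CVSS 3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 4.6 MEDIUM (CVSS 2.0, AV:L/AC:L/Au:N/C:P/I:P/A:P) — NVD primary scores from the record below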
Summary
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5BD6FC3-11D4-47B4-8BD3-CF2CBE7B1138", "versionEndExcluding": "56.0.52", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "736F9A38-5BD2-441A-A9D3-25BF752C8928", "versionEndExcluding": "60.0.48", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F311F5-58EF-4985-A79D-8614EB1A0709", "versionEndExcluding": "64.0.40", "versionStartIncluding": "62.0.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A63076C-335A-47AD-AEF5-6556B630770D", "versionEndExcluding": "66.0.23", "versionStartIncluding": "64.0.42", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B349761-D09A-477E-93D9-E053A2AC8732", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "66.0.24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de la cuenta mailman debido al filtrado incorrecto de la variable de entorno (SEC-302)." 
} ], "id": "CVE-2017-18415", "lastModified": "2024-11-21T03:20:03.970", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.800", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
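Severity: 2.7 LOW (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N); 4.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:S/C:N/I:P/A:N) — NVD primary scores from the record below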
Summary
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite que las cuentas de usuario sean creadas parcialmente con formatos de nombre de usuario no v\u00e1lidos (SEC-334)." 
} ], "id": "CVE-2017-18401", "lastModified": "2024-11-21T03:20:01.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:12.910", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
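Severity: 7.5 HIGH (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N) — NVD primary scores from the record below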
Summary
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, no utiliza TLS para las Post de HTTP en archivo listinput.cpanel.net (SEC-192)." 
} ], "id": "CVE-2016-10790", "lastModified": "2024-11-21T02:44:45.433", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:12.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
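Severity: 3.3 LOW (CVSS 3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N); 3.6 LOW (CVSS 2.0, AV:L/AC:L/Au:N/C:N/I:P/A:P) — NVD primary scores from the record below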
Summary
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite la sobrescritura de archivos al renombrar una cuenta (SEC-219)." 
} ], "id": "CVE-2017-18458", "lastModified": "2024-11-21T03:20:10.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
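Severity: 5.4 MEDIUM (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N); 3.5 LOW (CVSS 2.0, AV:N/AC:M/Au:S/C:N/I:P/A:N) — NVD primary scores from the record below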
Summary
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7EB24A-90DC-4041-9D8D-85E79814A456", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.52.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite un ataque de tipo XSS propio en la interfaz PHP Configuration Editor de WHM (SEC-84)." 
} ], "id": "CVE-2016-10851", "lastModified": "2024-11-21T02:44:54.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
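Severity: 5.5 MEDIUM (CVSS 3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N); 2.1 LOW (CVSS 2.0, AV:L/AC:L/Au:N/C:N/I:P/A:N) — NVD primary scores from the record below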
Summary
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite determinadas operaciones de escritura de archivo por medio del script telnetcrt (SEC-356)." 
} ], "id": "CVE-2018-20947", "lastModified": "2024-11-21T04:02:32.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-668" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
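Severity: 7.5 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N) — NVD primary scores from the record below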
Summary
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)." }, { "lang": "es", "value": "cPanel versiones anteriores a 88.0.3, tras una actualizaci\u00f3n, establece claves de la API PowerDNS predecibles (SEC-561)" } ], "id": "CVE-2020-26107", "lastModified": "2024-11-21T05:19:14.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.270", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
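Severity: 8.1 HIGH (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); 5.5 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:S/C:P/I:P/A:N) — NVD primary scores from the record below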
Summary
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite operaciones de creaci\u00f3n de archivos y chmod de archivos durante el procesamiento del archivo de registro de ModSecurity Audit (SEC-165)." 
} ], "id": "CVE-2016-10771", "lastModified": "2024-11-21T02:44:42.680", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
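Severity: 9.8 CRITICAL (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:N/A:N) — NVD primary scores from the record below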
Summary
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/88-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEBC297-7EE1-4950-9EAA-E20B0EDBFD05", "versionEndExcluding": "88.0.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 88.0.3, son usadas credenciales RNDC no seguras para BIND en una VM con plantilla (SEC-549)" } ], "id": "CVE-2020-26101", "lastModified": "2024-11-21T05:19:13.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:13.833", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
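Severity: 7.8 HIGH (CVSS 3.0, CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); 7.2 HIGH (CVSS 2.0, AV:L/AC:L/Au:N/C:C/I:C/A:C) — NVD primary scores from the record below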
Summary
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite la ejecuci\u00f3n de c\u00f3digo arbitrario durante la instalaci\u00f3n autom\u00e1tica de SSL (SEC-221)." } ], "id": "CVE-2017-18460", "lastModified": "2024-11-21T03:20:10.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2019-08-02T17:15:14.090", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite operaciones de cambio de nombre de archivo durante los cambios de nombre de cuenta (SEC-442)." 
} ], "id": "CVE-2018-20893", "lastModified": "2024-11-21T04:02:24.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite omitir las restricciones de .htaccess cuando Htaccess Optimization est\u00e1 habilitado (SEC-401)." 
} ], "id": "CVE-2018-20930", "lastModified": "2024-11-21T04:02:29.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.837", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite que las cuentas demo ejecuten c\u00f3digo por medio de la P\u00e1gina Landing (SEC-405)." 
} ], "id": "CVE-2018-20931", "lastModified": "2024-11-21T04:02:29.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:13.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-24 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html." } ], "id": "CVE-2004-1849", "lastModified": "2024-11-20T23:51:53.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-24T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108006627005371\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1009541" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4529" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4530" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9965" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108006627005371\u0026w=2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1009541" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/4530" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9965" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15517" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25 , permite un ataque de tipo XSS almacenado en la interfaz de WHM Repair Mailbox Permissions(SEC-159)." 
} ], "id": "CVE-2016-10767", "lastModified": "2024-11-21T02:44:42.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7408F14F-6D46-411A-B62A-08F632537813", "versionEndExcluding": "66.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows resellers to read other accounts\u0027 domain log files (SEC-288)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 66.0.2, permite a los proveedores (resellers) leer los archivos de registro de dominio de otras cuentas (SEC-288)." } ], "id": "CVE-2017-18426", "lastModified": "2024-11-21T03:20:05.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.380", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release 
Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite un ataque de tipo XSS almacenado en la interfaz de instalaci\u00f3n cPAddons de WHM (SEC-398)." 
} ], "id": "CVE-2018-20899", "lastModified": "2024-11-21T04:02:25.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.970", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472)." }, { "lang": "es", "value": "Maketext en cPanel anterior a versi\u00f3n 78.0.2, permite la inyecci\u00f3n de cadenas de formato en la UAPI store_filter del Correo Electr\u00f3nico (SEC-472)." } ], "id": "CVE-2019-14410", "lastModified": "2024-11-21T04:26:41.877", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.077", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-16 21:15
Modified
2024-11-21 04:38
Severity ?
Summary
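cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508). Note that the CPE match data in this record also marks the 84.x branch before 84.0.10 as vulnerable, so a version later than 82.0.18 is not necessarily patched; per branch, the first non-vulnerable builds listed are 78.0.43, 82.0.18 and 84.0.10.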
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite a atacantes aprovechar las cuentas de correo virtuales para omitir las suspensiones de cuenta (SEC-508)." 
} ], "id": "CVE-2019-20491", "lastModified": "2024-11-21T04:38:36.410", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-16T21:15:12.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS auto almacenado en la API de listftpstable (SEC-178)." 
} ], "id": "CVE-2016-10778", "lastModified": "2024-11-21T02:44:43.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.307", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-02-07 18:06
Modified
2024-11-21 00:06
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10:*:*:*:*:*:*:*", "matchCriteriaId": "D0F23C1C-4F4E-4BFA-8FF2-51BF76EAE0C1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple 
cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en cPanel 10 y versiones anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante el par\u00e1metro (1) email a (a) editquota.html o (b) dodelpop.html; par\u00e1metro (2) showtree a (c) diskusage.html; o el par\u00e1metro (3) mon, (4) year, (5) target o (6) domain a (d) stats/detailbw.html." } ], "id": "CVE-2006-0573", "lastModified": "2024-11-21T00:06:46.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-02-07T18:06:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=113898556313924\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18695" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22936" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22937" }, { "source": "cve@mitre.org", "url": 
"http://www.osvdb.org/22938" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/22939" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=113898556313924\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/18695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22938" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22939" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7EA0B13-FD55-406C-A2F8-0131776B4229", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D07669A4-F8F7-4C24-AB49-C674E57AC3EA", "versionEndExcluding": "55.9999.141", "versionStartIncluding": "55.9999.61", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite operaciones arbitrarias de lectura de archivos durante la autenticaci\u00f3n con caldav (SEC-108)." 
} ], "id": "CVE-2016-10836", "lastModified": "2024-11-21T02:44:52.157", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.163", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C177C99D-46D6-4634-B716-84396FFBAAFA", "versionEndExcluding": "11.50.6.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6C26391-C053-4410-A145-8BED0235D4B7", "versionEndExcluding": "11.52.6.1", "versionStartIncluding": "11.52.6.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5E5B5B5-42B0-4C5F-B354-C9845CE31F50", "versionEndExcluding": "11.54.0.24", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "034B4A2E-5445-44D2-94F9-E1176BF78B56", "versionEndExcluding": "56.0.15", "versionStartIncluding": "56.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 57.9999.54, los archivos de registro de usuario se vuelven legibles por todo el mundo durante un rotado mediante cpanellogd (SEC-125) los rota." 
} ], "id": "CVE-2016-10819", "lastModified": "2024-11-21T02:44:49.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:13.767", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-532" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5BD6FC3-11D4-47B4-8BD3-CF2CBE7B1138", "versionEndExcluding": "56.0.52", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "736F9A38-5BD2-441A-A9D3-25BF752C8928", "versionEndExcluding": "60.0.48", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "95F311F5-58EF-4985-A79D-8614EB1A0709", "versionEndExcluding": "64.0.40", "versionStartIncluding": "62.0.31", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A63076C-335A-47AD-AEF5-6556B630770D", "versionEndExcluding": "66.0.23", "versionStartIncluding": "64.0.42", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B349761-D09A-477E-93D9-E053A2AC8732", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "66.0.24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, permite una redireccionamiento abierto en el archivo /unprotected/redirect.html (SEC-300)." 
} ], "id": "CVE-2017-18414", "lastModified": "2024-11-21T03:20:03.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.740", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "688E88AF-7811-4BD7-89DA-4D9569D0EDB8", "versionEndExcluding": "71.9980.37", "versionStartIncluding": "71.9980.30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, no aplica la restricci\u00f3n de la funcionalidad API de la funci\u00f3n Mime::list_hotlinks (SEC-432)." 
} ], "id": "CVE-2018-20907", "lastModified": "2024-11-21T04:02:26.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite determinadas operaciones de lectura de archivos en el archivo bin/setup_global_spam_filter.pl (SEC-74)." 
} ], "id": "CVE-2016-10842", "lastModified": "2024-11-21T02:44:53.023", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.600", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467)." }, { "lang": "es", "value": "La funcionalidad de transporte WebDAV en cPanel anterior a versi\u00f3n 76.0.8, habilita el registro de depuraci\u00f3n (SEC-467)." } ], "id": "CVE-2018-20870", "lastModified": "2024-11-21T04:02:21.483", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo auto XSS en la interfaz del archivo tail_ea4_migration.cgi (SEC-172)." } ], "id": "CVE-2016-10774", "lastModified": "2024-11-21T02:44:43.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ 
"Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533)." }, { "lang": "es", "value": "cPanel versiones anteriores a 82.0.18, permite un ataque de tipo XSS almacenado por medio de WHM Backup Restoration (SEC-533)." 
} ], "id": "CVE-2019-20497", "lastModified": "2024-11-21T04:38:37.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
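cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546). The CPE ranges in this record bound the affected builds per release branch: 77.9999.110 up to (excluding) 78.0.45, and 83.9999.115 up to (excluding) 84.0.20.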
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a una cuenta demo lograr una ejecuci\u00f3n de c\u00f3digo por medio de las API PassengerApps (SEC-546)." } ], "id": "CVE-2020-10121", "lastModified": "2024-11-21T04:54:51.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] 
}, "published": "2020-03-17T15:15:14.110", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/76+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0BD201-96EA-43A7-BA39-144DB96D036D", "versionEndExcluding": "76.0.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 76.0.8, realiza de forma no confiable los cambios de contrase\u00f1a de PostgreSQL (SEC-366)" } ], "id": "CVE-2018-20862", "lastModified": "2024-11-21T04:02:20.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:10.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
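The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73). The CPE ranges in this record bound the affected builds per release branch: 11.48.0.5 up to (excluding) 11.48.5.2, 11.50.0.4 up to (excluding) 11.50.4.3, 11.51.9999.98 up to (excluding) 11.52.2.4, and 11.54.0.0 up to (excluding) 11.54.0.4.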
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73)." }, { "lang": "es", "value": "El script bin/mkvhostspasswd en cPanel anterior a versi\u00f3n 11.54.0.4, revela hashes de contrase\u00f1a (SEC-73)." 
} ], "id": "CVE-2016-10841", "lastModified": "2024-11-21T02:44:52.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0001-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-199" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.2, revela datos internos a proveedores de OpenID (SEC-415)." } ], "id": "CVE-2019-14407", "lastModified": "2024-11-21T04:26:41.423", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.873", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-06-20 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/13996 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/13996 | Exploit, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user 
parameter in the login page." } ], "id": "CVE-2005-2021", "lastModified": "2024-11-20T23:58:37.403", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-06-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/13996" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
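cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259). The CPE ranges in this record bound the affected builds per release branch: 55.9999.61 up to (excluding) 56.0.49, 57.9999.48 up to (excluding) 58.0.49, 59.9999.58 up to (excluding) 60.0.43, 61.9999.55 up to (excluding) 62.0.24, and 63.9999.74 up to (excluding) 64.0.21.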
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite la ejecuci\u00f3n de c\u00f3digo por medio de archivos de configuraci\u00f3n de Rails (SEC-259)." 
} ], "id": "CVE-2017-18452", "lastModified": "2024-11-21T03:20:09.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.577", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-08-18 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens." }, { "lang": "es", "value": "Vulnerabilidad de secuenicias de comandos en sitios cruzados (XSS) en cPanel 6.4.2 permite a atacantes remotos insertar HTML arbitrario y posiblemente ganar privilegios de adminstrador de cPanel mediante c\u00f3digo en una URL que es registrada pero no entrecomillada adecuadamente cuando se visualiza mediante el Registro de Errores o la pantalla de \u00daltimos Visitantes." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\ncPanel, cPanel, 7.0", "id": "CVE-2003-0521", "lastModified": "2024-11-20T23:44:55.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105760556627616\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105760556627616\u0026w=2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 14:15
Modified
2024-11-21 02:44
Severity ?
Summary
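cPanel before 60.0.15 does not ensure that system accounts have no valid password, a condition that is needed to make logins to those accounts impossible (CPANEL-9559). The CPE range in this record covers builds from 59.9999.58 up to (excluding) 60.0.15.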
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94CBEF90-D1C6-4E12-8117-164F42A89DD9", "versionEndExcluding": "60.0.15", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.15, no asegura que las cuentas del sistema carezcan de una contrase\u00f1a v\u00e1lida, lo que imposibilita los inicios de sesi\u00f3n (CPANEL-9559)." } ], "id": "CVE-2016-10791", "lastModified": "2024-11-21T02:44:45.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T14:15:11.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/80+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B834C7E-883B-443D-AA81-322C5EBADCCC", "versionEndExcluding": "80.0.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 80.0.5, utiliza permisos de lectura world para el registro Queueprocd (SEC-494)." } ], "id": "CVE-2019-14395", "lastModified": "2024-11-21T04:26:39.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.170", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
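cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337). The CPE ranges in this record bound the affected builds per release branch: 61.9999.55 up to (excluding) 62.0.35, 63.9999.74 up to (excluding) 64.0.42, 65.9999.38 up to (excluding) 66.0.34, and 67.9999.64 up to (excluding) 68.0.15.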
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de la cuenta nobody por medio de archivos de Mailman (SEC-337)." 
} ], "id": "CVE-2017-18403", "lastModified": "2024-11-21T03:20:02.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.050", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
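cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318). Note: the CPE match data in this record gives per-branch ranges (63.9999.74 up to, but excluding, 64.0.42; 65.9999.38 up to, but excluding, 66.0.34; 67.9999.64 up to, but excluding, 68.0.15), so an installed build should be compared against the range for its own branch rather than against 68.0.15 alone.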
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite una inyecci\u00f3n de formato de cadenas en dovecot-xaps-plugin (SEC-318)." 
} ], "id": "CVE-2017-18389", "lastModified": "2024-11-21T03:20:00.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.843", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 13:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/82+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AAF02DB-E93E-470A-A1C9-ADED148EF6CF", "versionEndExcluding": "82.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 82.0.2, no aplica apropiadamente la creaci\u00f3n de la ACL de paquetes Reseller (SEC-514)." } ], "id": "CVE-2019-14391", "lastModified": "2024-11-21T04:26:39.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T13:15:18.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-03-11 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=107911581732035&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/11124 | Exploit, Vendor Advisory | |
cve@mitre.org | http://www.kb.cert.org/vuls/id/831534 | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/9855 | Exploit, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/15486 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=107911581732035&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/11124 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/831534 | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/9855 | Exploit, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/15486 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user 
parameter." } ], "id": "CVE-2004-1770", "lastModified": "2024-11-20T23:51:42.313", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-03-11T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=107911581732035\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11124" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9855" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15486" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=107911581732035\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/9855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/15486" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B7EB24A-90DC-4041-9D8D-85E79814A456", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.52.2.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite un ataque de tipo XSS propio en la interfaz Entropy Banner de X3 (SEC-87)." 
} ], "id": "CVE-2016-10854", "lastModified": "2024-11-21T02:44:54.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:12.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2016-0001-full-disclosure.522571/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF9C5E6B-ADA9-4C43-BF11-004BA45AB616", "versionEndExcluding": "56.0.49", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9435A6B6-54C3-4072-ABD3-EFA966EC3E3B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "923B5DF2-0F38-4780-A5FE-5DE690D8DC11", "versionEndExcluding": "60.0.43", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "48CC56C7-8AAD-4222-A368-D16369546408", "versionEndExcluding": "62.0.24", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E6AACBD-F1B1-473A-976D-3775D78BB335", "versionEndExcluding": "64.0.21", "versionStartIncluding": "63.9999.74", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a las cuentas demo leer archivos por medio de una llamada de la API2 de la funci\u00f3n Fileman::getfileactions (SEC-239)." 
} ], "id": "CVE-2017-18436", "lastModified": "2024-11-21T03:20:06.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 5.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:12.027", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:38
Severity ?
Summary
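In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). Note: the CPE match data in this record lists three vulnerable ranges (77.9999.110 up to, but excluding, 78.0.43; 81.9999.242 up to, but excluding, 82.0.18; 83.9999.115 up to, but excluding, 84.0.10), so a build numbered above 82.0.18 on the 84 branch can still fall inside an affected range.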
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F482ADA6-F3AF-4EBA-A7C9-03C7B9BB6AEA", "versionEndExcluding": "78.0.43", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "13BFBDE4-58CC-4438-8E91-A37137A847DB", "versionEndExcluding": "82.0.18", "versionStartIncluding": "81.9999.242", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "49C71440-6734-4BE6-AB32-094EB480868A", "versionEndExcluding": "84.0.10", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525)." }, { "lang": "es", "value": "En cPanel versiones anteriores a 82.0.18, una funci\u00f3n Cpanel::Rand::Get puede producir una serie de n\u00fameros predecibles. (SEC-525)." 
} ], "id": "CVE-2019-20494", "lastModified": "2024-11-21T04:38:36.803", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-03-17T15:15:13.050", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
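cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276). Note: the CPE match data in this record gives per-branch ranges (63.9999.74 up to, but excluding, 64.0.40; 65.9999.38 up to, but excluding, 66.0.23; 67.9999.64 up to, but excluding, 67.9999.103), so builds on the 64 and 66 branches at or above 64.0.40 and 66.0.23 are not listed as affected.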
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7EBC48-3B0B-4641-9A6F-57229E8CE7D3", "versionEndExcluding": "64.0.40", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 67.9999.103, permite la inyecci\u00f3n SQL durante el procesamiento de eximstats (SEC-276)." 
} ], "id": "CVE-2017-18406", "lastModified": "2024-11-21T03:20:02.617", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.257", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 19:15
Modified
2024-11-21 02:44
Severity ?
Summary
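cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). Note: the CPE match data in this record does not use that cut-off; it lists 11.50.0.4 up to, but excluding, 11.50.5.2, 11.52.0.5 up to, but excluding, 11.52.4.1, and 11.54.0.0 up to, but excluding, 11.54.0.20 as vulnerable, so an installed build should be compared against the range for its own branch.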
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/56+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "75A6710E-A1D7-4A7D-AD47-8D7B7A78BA61", "versionEndExcluding": "11.50.5.2", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79E8E0F9-EE9B-4F69-8D53-87179BC1B6A9", "versionEndExcluding": "11.52.4.1", "versionStartIncluding": "11.52.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4508F93-DA23-4AFC-AA20-92A6C271F6B1", "versionEndExcluding": "11.54.0.20", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 55.9999.141, permite a los atacantes omitir la Autenticaci\u00f3n de Dos Factores por medio de peticiones de implementaci\u00f3n de un cl\u00faster de DNS (SEC-93)." 
} ], "id": "CVE-2016-10826", "lastModified": "2024-11-21T02:44:50.690", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T19:15:14.470", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/64+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE91306B-6904-409F-B07B-138F02A33F40", "versionEndExcluding": "56.0.49", "versionStartIncluding": "56.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBC7D380-7D81-410E-BCBA-849B43DF3D9B", "versionEndExcluding": "58.0.49", "versionStartIncluding": "58.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C30C71E1-3637-4822-BB84-7DD3888F30DB", "versionEndExcluding": "60.0.43", "versionStartIncluding": "60.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C618804-1CA5-4B06-9707-9B61F8A7F642", "versionEndExcluding": "62.0.24", "versionStartIncluding": "62.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1E7DCF36-29DD-4EBC-8F12-2951DF18FDA8", "versionEndExcluding": "64.0.21", "versionStartIncluding": "64.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows attackers to read a user\u0027s crontab file during a short time interval upon a cPAddon upgrade (SEC-257)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 64.0.21, permite a los atacantes leer el archivo crontab de un usuario durante un intervalo de tiempo corto sobre una actualizaci\u00f3n de cPAddon (SEC-257)." 
} ], "id": "CVE-2017-18451", "lastModified": "2024-11-21T03:20:09.127", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:13.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0003-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 13:15
Modified
2024-11-21 04:02
Severity: 5.4 MEDIUM (CVSS v3.0), 3.5 LOW (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E87EAE26-4A85-4204-AC16-376D83432344", "versionEndExcluding": "74.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367)." }, { "lang": "es", "value": "cPanel anterior de la versi\u00f3n 74.0.0 permite XSS almacenado en la interfaz WHM File Restoration (SEC-367)." } ], "id": "CVE-2018-20884", "lastModified": "2024-11-21T04:02:23.427", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T13:15:13.070", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": 
"https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity: 4.3 MEDIUM (CVSS v3.0), 4.0 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/72+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "82D3F837-7718-480E-8B21-A9615D5ED1FB", "versionEndExcluding": "62.0.47", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "394B95B8-BB4A-4841-B843-26273F1082F2", "versionEndExcluding": "68.0.39", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "111BF24F-8605-4E04-B156-85655AD53853", "versionEndExcluding": "70.0.43", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 71.9980.37, permite a los atacantes realizar llamadas de la API que omiten la restricci\u00f3n de la funcionalidad images (SEC-430)." 
} ], "id": "CVE-2018-20906", "lastModified": "2024-11-21T04:02:26.470", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:13.390", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-22 18:30
Modified
2024-11-21 00:33
Severity: 4.3 MEDIUM (CVSS v2.0; no CVSS v3 metric in the record below)
Summary
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "491676C3-2D5C-4FF6-BF57-A86A253FB9CC", "versionEndIncluding": "10.9.0_build_10300", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D353FD60-0C3F-47C5-B9CD-301992671148", "versionEndIncluding": "11.4.19", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el URI.\r\nNOTA: El origen de esta informaci\u00f3n es desconocido; los detalles se han obtenido solamente de informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-3366", "lastModified": "2024-11-21T00:33:03.623", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-22T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/35860" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25722" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24586" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25722" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35008" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity: 6.5 MEDIUM (CVSS v3.0), 4.0 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7EBC48-3B0B-4641-9A6F-57229E8CE7D3", "versionEndExcluding": "64.0.40", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 67.9999.103, la interfaz backup podr\u00eda devolver un archivo de copia de seguridad con todas las bases de datos MySQL (SEC-283)." 
} ], "id": "CVE-2017-18409", "lastModified": "2024-11-21T03:20:03.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 14:15
Modified
2024-11-21 04:02
Severity: 4.3 MEDIUM (CVSS v3.0), 4.0 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/74+Change+Log | Product, Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "73688389-0B7B-4AB8-81E6-24B96618EB21", "versionEndExcluding": "70.0.53", "versionStartIncluding": "69.9999.122", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "184D2619-DE51-4D83-AAB6-60021B2ED16E", "versionEndExcluding": "72.0.10", "versionStartIncluding": "71.9980.30", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CF9C2F-0449-49BD-80C5-878F2F4FD3FC", "versionEndExcluding": "74.0.0", "versionStartIncluding": "73.9980.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 74.0.0, permite modificaciones arbitrarias de archivos de zona durante las ediciones de registros (SEC-426)." 
} ], "id": "CVE-2018-20890", "lastModified": "2024-11-21T04:02:24.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T14:15:12.143", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2018-0004-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 03:20
Severity: 6.5 MEDIUM (CVSS v3.0), 4.0 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024", "versionEndExcluding": "11.54.0.36", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D11E1492-C7CE-42BA-A721-1163B4C9EA22", "versionEndExcluding": "56.0.43", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8193ADD4-1299-49BA-AE70-F515F12D01D0", "versionEndExcluding": "58.0.43", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0", "versionEndExcluding": "60.0.35", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "448BB5AF-3153-4957-A76B-04057E42C912", "versionEndExcluding": "62.0.4", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 62.0.4, podr\u00edan presentarse comprobaciones incorrectas de la ACL en la api xml para acciones de Reorganizar Cuenta (SEC-207)." 
} ], "id": "CVE-2017-18478", "lastModified": "2024-11-21T03:20:12.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:12.373", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity: 5.5 MEDIUM (CVSS v3.0), 2.1 LOW (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.2, permite operaciones de lectura de archivos arbitrarias por medio de adminbin de Passenger (SEC-466)." } ], "id": "CVE-2019-14409", "lastModified": "2024-11-21T04:26:41.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:12.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity: 5.4 MEDIUM (CVSS v3.0), 3.5 LOW (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS propio en la Configuraci\u00f3n de Ajustes de WHM para autodiscover_host (SEC-177)." 
} ], "id": "CVE-2016-10777", "lastModified": "2024-11-21T02:44:43.530", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity: 9.1 CRITICAL (CVSS v3.1), 6.4 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, permite a una cuenta demo modificar archivos por medio de llamadas a la API Branding (SEC-543)." } ], "id": "CVE-2020-10118", "lastModified": "2024-11-21T04:54:51.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2020-03-17T15:15:13.877", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 04:02
Severity: 6.5 MEDIUM (CVSS v3.0), 6.4 MEDIUM (CVSS v2.0), per the NVD metrics in the record below
Summary
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "58CDDB1F-721D-4700-BA1C-77A92EDD0B98", "versionEndExcluding": "62.0.42", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B35C1C8-1313-4EA7-B7DA-72EF53B9D9AB", "versionEndExcluding": "68.0.33", "versionStartIncluding": "67.9999.64", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4705455-5EC7-4866-B39C-9A4A8C7E997C", "versionEndExcluding": "70.0.23", "versionStartIncluding": "69.9999.122", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, no impide que suspensiones de cuentas de correo electr\u00f3nico sean aplicadas en cuentas de no propietario (SEC-411)." 
} ], "id": "CVE-2018-20934", "lastModified": "2024-11-21T04:02:30.337", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:14.147", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-358" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-05 11:02
Modified
2024-11-21 00:02
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as `<b>`, which are processed by Internet Explorer.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:10.2.0_r82:*:*:*:*:*:*:*", "matchCriteriaId": "BA952D50-2FB6-4517-98D4-8D345056EF38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10.6.0_r137:*:*:*:*:*:*:*", "matchCriteriaId": "543BFD7C-EF52-4B5D-981F-947FB328EE53", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as \u003cb\u003e, which are processed by Internet Explorer." } ], "id": "CVE-2005-3505", "lastModified": "2024-11-21T00:02:03.467", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-05T11:02:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16609" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-56/advisory/" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/148" }, { "source": "cve@mitre.org", "url": 
"http://securitytracker.com/id?1015157" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/20459" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/415722/30/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15327" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/2306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/16609" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2005-56/advisory/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/20459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/415722/30/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2306" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-07-30 15:15
Modified
2024-11-21 04:26
Severity ?
Summary
cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/78+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "326B3082-5A3E-4351-BD67-4655715FE655", "versionEndExcluding": "78.0.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 78.0.2, permite que una cuenta demo se enlace con un proveedor de OpenID (SEC-460)." } ], "id": "CVE-2019-14408", "lastModified": "2024-11-21T04:26:41.573", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-07-30T15:15:11.937", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "179399A2-B445-44BF-BB64-F212CB267EB0", "versionEndExcluding": "64.0.40", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, the backup system overwrites root\u0027s home directory when a mount disappears (SEC-299)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 67.9999.103, el sistema de copia de seguridad sobrescribe el directorio de inicio de root cuando un montaje desaparece (SEC-299)." 
} ], "id": "CVE-2017-18413", "lastModified": "2024-11-21T03:20:03.687", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.693", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 16:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/54+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5551CB50-D374-47FE-9E81-7861238613CB", "versionEndExcluding": "11.48.5.2", "versionStartIncluding": "11.48.0.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94940D22-4AC3-410A-8129-867C109B4C88", "versionEndExcluding": "11.50.4.3", "versionStartIncluding": "11.50.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "41124091-A91C-405B-A3E3-FB89ABF53CBC", "versionEndExcluding": "11.52.2.4", "versionStartIncluding": "11.51.9999.98", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB0587BD-B593-4A38-A0AC-7F027290594A", "versionEndExcluding": "11.54.0.4", "versionStartIncluding": "11.54.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 11.54.0.4, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de usuarios compartidos por medio de la API de JSON (SEC-76)." 
} ], "id": "CVE-2016-10843", "lastModified": "2024-11-21T02:44:53.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T16:15:12.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-77" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-25 06:15
Modified
2024-11-21 05:19
Severity ?
Summary
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.cpanel.net/changelogs/90-change-log/ | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "98E0B897-CD1C-46D1-9F21-FB0FA041E8AA", "versionEndExcluding": "90.0.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566)." }, { "lang": "es", "value": "cPanel versiones anteriores a 90.0.10, permite un ataque de tipo auto-XSS por medio de la interfaz WHM Edit DNS Zone (SEC-566)" } ], "id": "CVE-2020-26111", "lastModified": "2024-11-21T05:19:15.613", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-25T06:15:14.537", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], 
"url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-01 13:00
Modified
2024-11-21 01:04
Severity ?
Summary
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCA10E29-1DDD-44D8-A7D9-74BE0315CE4E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en frontend/x3/stats/lastvisit.html en cPanel, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de ..(punto punto) en el par\u00e1metro \"domain\"." } ], "id": "CVE-2009-2275", "lastModified": "2024-11-21T01:04:30.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-01T13:00:01.610", "references": [ { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9039" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35518" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1022490" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35518" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022490" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 13:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://forums.cpanel.net/threads/cpanel-tsr-2017-0006-full-disclosure.615839/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "803D8E28-06A7-4D3C-861F-EBCE8ED61B3A", "versionEndExcluding": "62.0.35", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C170CE5-10F2-4638-9ABA-55E5C44176D9", "versionEndExcluding": "64.0.42", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F465016-041B-48FD-B659-8698FF0E8181", "versionEndExcluding": "66.0.34", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1EF55CA0-F55E-4DCA-8EB0-3DD897251D6B", "versionEndExcluding": "68.0.15", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.15, permite a los atacantes leer archivos de copia de seguridad debido a que son legibles por todo el mundo durante un intervalo de tiempo corto (SEC-323)." 
} ], "id": "CVE-2017-18391", "lastModified": "2024-11-21T03:20:00.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T13:15:11.983", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2017-0006-full-disclosure.615839/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 16:15
Modified
2024-11-21 03:20
Severity ?
Summary
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/66+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B", "versionEndExcluding": "56.0.51", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE", "versionEndExcluding": "58.0.52", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53", "versionEndExcluding": "60.0.45", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931", "versionEndExcluding": "62.0.27", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477", "versionEndExcluding": "64.0.33", "versionStartIncluding": "63.9999.74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011", "versionEndExcluding": "66.0.2", "versionStartIncluding": "65.9999.38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)." }, { "lang": "es", "value": "En cPanel anterior a versi\u00f3n 66.0.2, pueden presentarse permisos d\u00e9biles de archivos de registro despu\u00e9s de la modificaci\u00f3n de cuenta (SEC-289)." 
} ], "id": "CVE-2017-18427", "lastModified": "2024-11-21T03:20:05.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T16:15:12.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-275" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 15:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/70+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "67363616-6DDB-4210-A24D-EF56C0EBD8ED", "versionEndExcluding": "70.0.23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 70.0.23, permite un ataque de tipo XSS almacenado por medio de una acci\u00f3n DNS Cleanup de WHM (SEC-376)." } ], "id": "CVE-2018-20922", "lastModified": "2024-11-21T04:02:28.720", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T15:15:14.593", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor 
Advisory" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-27 01:07
Modified
2024-11-21 00:17
Severity ?
Summary
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cpanel | cpanel | 5.0 | |
cpanel | cpanel | 5.3 | |
cpanel | cpanel | 6.0 | |
cpanel | cpanel | 6.2 | |
cpanel | cpanel | 6.4 | |
cpanel | cpanel | 6.4.1 | |
cpanel | cpanel | 6.4.2 | |
cpanel | cpanel | 6.4.2_stable_48 | |
cpanel | cpanel | 7.0 | |
cpanel | cpanel | 8.0 | |
cpanel | cpanel | 9.0 | |
cpanel | cpanel | 9.1 | |
cpanel | cpanel | 9.1.0_r85 | |
cpanel | cpanel | 9.4.1_r64 | |
cpanel | cpanel | 9.9.1_r3 | |
cpanel | cpanel | 10.2.0_r82 | |
cpanel | cpanel | 10.6.0_r137 | |
cpanel | cpanel | 10.8.1_113 | |
cpanel | cpanel | 10.8.2_118 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5B33AE8-75A8-4454-A1A3-33F4034015FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4394768-37BE-4FC5-A65A-28C0295A33B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DC52A018-43E8-4D86-A84C-81064B6ACD74", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2FC66D8D-01B8-4312-A311-ACAB43699071", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "E892FB52-DB84-422F-ABB6-29AB95726138", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1FC5C591-69F3-411F-A53A-72D17687CA2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "92D81000-1A7C-4465-9EE2-E651AED09F82", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*", "matchCriteriaId": "E4B555B5-E66F-4E37-A5BC-E04CBDFA4F8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "09258895-32E6-49AC-8C96-D2838A0C8E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B4F9F98-08A2-430B-BC96-B30DCA165F07", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "32D546C9-674B-4683-9EC5-18156CE04B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E915DEA-1BA9-429D-97D5-CA3D37C969B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.1.0_r85:*:*:*:*:*:*:*", "matchCriteriaId": "4D9DDCBE-8A9C-44FC-8A24-47933CE057F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.4.1_r64:*:*:*:*:*:*:*", "matchCriteriaId": 
"9EE8C284-5264-4AEB-B8F8-4A58B021A9BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:9.9.1_r3:*:*:*:*:*:*:*", "matchCriteriaId": "414CFCA8-87FC-436E-9C41-ACB316578E3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10.2.0_r82:*:*:*:*:*:*:*", "matchCriteriaId": "BA952D50-2FB6-4517-98D4-8D345056EF38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10.6.0_r137:*:*:*:*:*:*:*", "matchCriteriaId": "543BFD7C-EF52-4B5D-981F-947FB328EE53", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10.8.1_113:*:*:*:*:*:*:*", "matchCriteriaId": "E4CD9052-093E-4B8D-8ABE-43CD6156CAD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:10.8.2_118:*:*:*:*:*:*:*", "matchCriteriaId": "5CC79360-2E49-420A-A3D0-1CF54CAE7CE4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin." }, { "lang": "es", "value": "Vulnerabilidad no especificada en cPanel anterior a 10.9.0 12 Tree permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados en (1) mysqladmin y (2) hooksadmin." 
} ], "id": "CVE-2006-5014", "lastModified": "2024-11-21T00:17:30.977", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-27T01:07:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://changelog.cpanel.net/?build=\u0026showall=1" }, { "source": "cve@mitre.org", "url": "http://forums.cpanel.net/showthread.php?t=58134" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22072" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016913" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/20163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://changelog.cpanel.net/?build=\u0026showall=1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.cpanel.net/showthread.php?t=58134" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/22072" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/20163" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-07 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/58+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "315E7D30-1B7E-43A2-A405-FAED84DEA24C", "versionEndExcluding": "11.54.0.26", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "84E59834-A31B-4BBD-AA31-C85BA27E1BBB", "versionEndExcluding": "56.0.27", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F2220C8-D448-4F18-B279-8079FA963005", "versionEndExcluding": "58.0.4", "versionStartIncluding": "57.9999.48", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 has improper session handling for shared users (SEC-139)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 58.0.4, presenta un manejo de sesi\u00f3n inapropiado para usuarios compartidos (SEC-139)." 
} ], "id": "CVE-2016-10801", "lastModified": "2024-11-21T02:44:47.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-07T13:15:12.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-06 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite un ataque de tipo XSS almacenado en api1_listautoresponders (SEC-179)." 
} ], "id": "CVE-2016-10779", "lastModified": "2024-11-21T02:44:43.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-06T13:15:11.370", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2016-0006-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite la ejecuci\u00f3n de c\u00f3digo en el contexto de la cuenta root por medio de una ruta (path) de DocumentRoot larga (SEC-225)." 
} ], "id": "CVE-2017-18463", "lastModified": "2024-11-21T03:20:10.757", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:14.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-03-17 15:15
Modified
2024-11-21 04:54
Severity ?
Summary
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "804655CA-450A-42E5-965F-32A6AF0261A3", "versionEndExcluding": "78.0.45", "versionStartIncluding": "77.9999.110", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94A93082-0E47-4DA1-B4FC-26609BA4B4FF", "versionEndExcluding": "84.0.20", "versionStartIncluding": "83.9999.115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542)." }, { "lang": "es", "value": "cPanel versiones anteriores a 84.0.20, maneja inapropiadamente la aplicaci\u00f3n de comprobaciones de demo en el espacio de nombres de la UAPI Market (SEC-542)." } ], "id": "CVE-2020-10117", "lastModified": "2024-11-21T04:54:51.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2020-03-17T15:15:13.783", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-05 13:15
Modified
2024-11-21 02:44
Severity ?
Summary
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/60+Change+Log | Release Notes, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9261E225-7FB2-4697-825C-DCA471CB55F5", "versionEndExcluding": "11.54.0.33", "versionStartIncluding": "11.54.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B46DB7-A830-4BC4-BF21-DC33259D3D8F", "versionEndExcluding": "56.0.39", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EE5EA15-8E28-4DC1-962C-224CA3763A40", "versionEndExcluding": "58.0.37", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB360EE1-3891-41E8-924C-FB985FF3B079", "versionEndExcluding": "60.0.25", "versionStartIncluding": "59.9999.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 60.0.25, permite una redireccionamiento abierto por medio del archivo /cgi-sys/FormMail-clone.cgi (SEC-162)." 
} ], "id": "CVE-2016-10769", "lastModified": "2024-11-21T02:44:42.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-05T13:15:11.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 14:15
Modified
2024-11-21 03:20
Severity ?
Summary
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726", "versionEndExcluding": "56.0.52", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218", "versionEndExcluding": "60.0.48", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5", "versionEndExcluding": "62.0.30", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "179399A2-B445-44BF-BB64-F212CB267EB0", "versionEndExcluding": "64.0.40", "versionStartIncluding": "64.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976", "versionEndExcluding": "66.0.23", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D", "versionEndExcluding": "67.9999.103", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"addon domain conversion\" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285)." }, { "lang": "es", "value": "La funcionalidad de \"addon domain conversion\" en cPanel anterior a versi\u00f3n 67.9999.103, puede copiar todas las bases de datos MySQL en la nueva cuenta (SEC-285)." 
} ], "id": "CVE-2017-18411", "lastModified": "2024-11-21T03:20:03.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T14:15:13.567", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-01 17:15
Modified
2024-11-21 04:02
Severity ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/68+Change+Log | Release Notes, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4A4E3F1-3C13-4958-B459-5EDC57CD9C58", "versionEndExcluding": "62.0.39", "versionStartIncluding": "61.9999.55", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "614031BF-1524-4E1C-B6CB-B99944A8145C", "versionEndExcluding": "66.0.35", "versionStartIncluding": "65.9999.38", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "328117AC-A34F-4D57-A697-E1E68C2A92E3", "versionEndExcluding": "68.0.27", "versionStartIncluding": "67.9999.64", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon a post-update task (SEC-352)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 68.0.27, permite a los atacantes leer el archivo crontab de root durante un intervalo de tiempo corto en una tarea post-actualizaci\u00f3n (SEC-352)." 
} ], "id": "CVE-2018-20943", "lastModified": "2024-11-21T04:02:31.637", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-01T17:15:12.720", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-02 17:15
Modified
2024-11-21 03:20
Severity ?
Summary
cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223).
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes | |
nvd@nist.gov | https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/ | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://documentation.cpanel.net/display/CL/62+Change+Log | Product, Release Notes |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E22D10-EA36-41E7-9E6E-4225F1EAFBCA", "versionEndExcluding": "56.0.46", "versionStartIncluding": "55.9999.61", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "318EEDB6-58C6-491A-B15E-5049D1B205D4", "versionEndExcluding": "58.0.45", "versionStartIncluding": "57.9999.48", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F022EBEE-AA7C-49E7-8A8C-949533E383F6", "versionEndExcluding": "60.0.39", "versionStartIncluding": "59.9999.58", "vulnerable": true }, { "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2270415F-4273-4951-8B94-02FB24BD73B5", "versionEndExcluding": "62.0.17", "versionStartIncluding": "61.9999.55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223)." }, { "lang": "es", "value": "cPanel anterior a versi\u00f3n 62.0.17, permite no conservar las preguntas de la pol\u00edtica de seguridad tras un cambio de nombre de cuenta (SEC-223)." 
} ], "id": "CVE-2017-18461", "lastModified": "2024-11-21T03:20:10.480", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-02T17:15:14.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" }, { "source": "nvd@nist.gov", "tags": [ "Vendor Advisory" ], "url": "https://news.cpanel.com/cpanel-tsr-2017-0002-full-disclosure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-18456
Vulnerability from cvelistv5
Published
2019-08-02 16:29
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:29:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows self XSS in the WHM cPAddons showsecurity interface (SEC-217)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18456", "datePublished": "2019-08-02T16:29:33", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20494
Vulnerability from cvelistv5
Published
2020-03-17 14:29
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:29:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20494", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20494", "datePublished": "2020-03-17T14:29:37", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14389
Vulnerability from cvelistv5
Published
2019-07-30 12:46
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:46:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 allows local users to discover the MySQL root password (SEC-510)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14389", "datePublished": "2019-07-30T12:46:37", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20900
Vulnerability from cvelistv5
Published
2019-08-01 13:57
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.921Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:57:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20900", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20900", "datePublished": "2019-08-01T13:57:19", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:28.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5014
Vulnerability from cvelistv5
Published
2006-09-27 01:00
Modified
2024-09-16 23:40
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
References
| URL | Tags |
|---|---|
| http://forums.cpanel.net/showthread.php?t=58134 | x_refsource_CONFIRM |
| http://securitytracker.com/id?1016913 | vdb-entry, x_refsource_SECTRACK |
| http://secunia.com/advisories/22072 | third-party-advisory, x_refsource_SECUNIA |
| http://changelog.cpanel.net/?build=&showall=1 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20163 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:32:22.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://forums.cpanel.net/showthread.php?t=58134" }, { "name": "1016913", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016913" }, { "name": "22072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://changelog.cpanel.net/?build=\u0026showall=1" }, { "name": "20163", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20163" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2006-09-27T01:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://forums.cpanel.net/showthread.php?t=58134" }, { "name": "1016913", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016913" }, { "name": "22072", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://changelog.cpanel.net/?build=\u0026showall=1" }, { "name": "20163", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20163" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5014", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://forums.cpanel.net/showthread.php?t=58134", "refsource": "CONFIRM", "url": "http://forums.cpanel.net/showthread.php?t=58134" }, { "name": "1016913", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016913" }, { "name": "22072", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22072" }, { "name": "http://changelog.cpanel.net/?build=\u0026showall=1", "refsource": "CONFIRM", "url": "http://changelog.cpanel.net/?build=\u0026showall=1" }, { "name": "20163", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20163" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5014", "datePublished": "2006-09-27T01:00:00Z", "dateReserved": "2006-09-26T00:00:00Z", "dateUpdated": "2024-09-16T23:40:31.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10794
Vulnerability from cvelistv5
Published
2019-08-06 13:05
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.009Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:05:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10794", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10794", "datePublished": "2019-08-06T13:05:39", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18422
Vulnerability from cvelistv5
Published
2019-08-02 15:37
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:37:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18422", "datePublished": "2019-08-02T15:37:45", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20888
Vulnerability from cvelistv5
Published
2019-08-01 13:04
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:04:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20888", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20888", "datePublished": "2019-08-01T13:04:20", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18426
Vulnerability from cvelistv5
Published
2019-08-02 15:44
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows resellers to read other accounts\u0027 domain log files (SEC-288)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:44:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows resellers to read other accounts\u0027 domain log files (SEC-288)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18426", "datePublished": "2019-08-02T15:44:36", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1770
Vulnerability from cvelistv5
Published
2005-03-10 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
References
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/831534 | third-party-advisory, x_refsource_CERT-VN |
| http://marc.info/?l=bugtraq&m=107911581732035&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/9855 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/11124 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15486 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#831534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040312 Cpanel 9.1.0 have a problem ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107911581732035\u0026w=2" }, { "name": "9855", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9855" }, { "name": "11124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11124" }, { "name": "cpanel-login-execute-commands(15486)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#831534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040312 Cpanel 9.1.0 have a problem ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107911581732035\u0026w=2" }, { "name": "9855", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9855" }, { "name": "11124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11124" }, { "name": "cpanel-login-execute-commands(15486)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15486" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#831534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040312 Cpanel 9.1.0 have a problem ?", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107911581732035\u0026w=2" }, { "name": "9855", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9855" }, { "name": "11124", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11124" }, { "name": "cpanel-login-execute-commands(15486)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15486" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1770", "datePublished": "2005-03-10T05:00:00", "dateReserved": "2005-03-10T00:00:00", "dateUpdated": "2024-08-08T01:00:37.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20877
Vulnerability from cvelistv5
Published
2019-08-01 12:44
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:44:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20877", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20877", "datePublished": "2019-08-01T12:44:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20918
Vulnerability from cvelistv5
Published
2019-08-01 14:48
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:48:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20918", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20918", "datePublished": "2019-08-01T14:48:09", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10782
Vulnerability from cvelistv5
Published
2019-08-06 12:53
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:53:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10782", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10782", "datePublished": "2019-08-06T12:53:43", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10818
Vulnerability from cvelistv5
Published
2019-08-01 18:43
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.932Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:43:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10818", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10818", "datePublished": "2019-08-01T18:43:03", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.932Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18402
Vulnerability from cvelistv5
Published
2019-08-02 13:11
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:11:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18402", "datePublished": "2019-08-02T13:11:24", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20908
Vulnerability from cvelistv5
Published
2019-08-01 14:29
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.684Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:29:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20908", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20908", "datePublished": "2019-08-01T14:29:23", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10772
Vulnerability from cvelistv5
Published
2019-08-05 12:55
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:55:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10772", "datePublished": "2019-08-05T12:55:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18450
Vulnerability from cvelistv5
Published
2019-08-02 16:24
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:24:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18450", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18450", "datePublished": "2019-08-02T16:24:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18479
Vulnerability from cvelistv5
Published
2019-08-05 12:48
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:48:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18479", "datePublished": "2019-08-05T12:48:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18453
Vulnerability from cvelistv5
Published
2019-08-02 16:26
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:26:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18453", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18453", "datePublished": "2019-08-02T16:26:50", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20926
Vulnerability from cvelistv5
Published
2019-08-01 15:18
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:18:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20926", "datePublished": "2019-08-01T15:18:46", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20944
Vulnerability from cvelistv5
Published
2019-08-01 16:12
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:12:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20944", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20944", "datePublished": "2019-08-01T16:12:47", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18387
Vulnerability from cvelistv5
Published
2019-08-02 12:30
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:30:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18387", "datePublished": "2019-08-02T12:30:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18474
Vulnerability from cvelistv5
Published
2019-08-05 12:44
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.272Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:44:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows arbitrary file-read operations via Exim valiases (SEC-201)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18474", "datePublished": "2019-08-05T12:44:37", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.272Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14403
Vulnerability from cvelistv5
Published
2019-07-30 14:10
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:10:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14403", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14403", "datePublished": "2019-07-30T14:10:49", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20899
Vulnerability from cvelistv5
Published
2019-08-01 13:55
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:55:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20899", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20899", "datePublished": "2019-08-01T13:55:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20885
Vulnerability from cvelistv5
Published
2019-08-01 13:00
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.714Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20885", "datePublished": "2019-08-01T13:00:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.714Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18454
Vulnerability from cvelistv5
Published
2019-08-02 16:28
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:28:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18454", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.24 allows stored XSS in the WHM cPAddons install interface (SEC-262)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18454", "datePublished": "2019-08-02T16:28:02", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10829
Vulnerability from cvelistv5
Published
2019-08-01 16:35
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.933Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:35:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10829", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10829", "datePublished": "2019-08-01T16:35:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.933Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18472
Vulnerability from cvelistv5
Published
2019-08-05 12:43
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:43:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18472", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows reflected XSS in reset-password interfaces (SEC-198)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18472", "datePublished": "2019-08-05T12:43:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29137
Vulnerability from cvelistv5
Published
2020-11-27 01:34
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-27T01:34:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29137", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29137", "datePublished": "2020-11-27T01:34:12", "dateReserved": "2020-11-27T00:00:00", "dateUpdated": "2024-08-04T16:48:01.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2275
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/35518 | vdb-entry, x_refsource_BID |
| http://www.securitytracker.com/id?1022490 | vdb-entry, x_refsource_SECTRACK |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51426 | vdb-entry, x_refsource_XF |
| http://www.exploit-db.com/exploits/9039 | exploit, x_refsource_EXPLOIT-DB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:44:55.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35518", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35518" }, { "name": "1022490", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1022490" }, { "name": "cpanel-lastvisit-directory-traversal(51426)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426" }, { "name": "9039", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35518", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35518" }, { "name": "1022490", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1022490" }, { "name": "cpanel-lastvisit-directory-traversal(51426)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426" }, { "name": "9039", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9039" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2275", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35518", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35518" }, { "name": "1022490", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022490" }, { "name": "cpanel-lastvisit-directory-traversal(51426)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426" }, { "name": "9039", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9039" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2275", "datePublished": "2009-07-01T12:26:00", "dateReserved": "2009-07-01T00:00:00", "dateUpdated": "2024-08-07T05:44:55.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26266
Vulnerability from cvelistv5
Published
2021-01-26 03:35
Modified
2024-08-03 20:19
Severity ?
EPSS score ?
Summary
cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.120Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-26T03:35:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26266", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/92-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26266", "datePublished": "2021-01-26T03:35:43", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T20:19:20.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10826
Vulnerability from cvelistv5
Published
2019-08-01 18:28
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:28:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10826", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10826", "datePublished": "2019-08-01T18:28:55", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18447
Vulnerability from cvelistv5
Published
2019-08-02 16:22
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:22:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18447", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18447", "datePublished": "2019-08-02T16:22:14", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20866
Vulnerability from cvelistv5
Published
2019-07-30 14:22
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 has Stored XSS in the WHM "Reset a DNS Zone" feature (SEC-461).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Stored XSS in the WHM \"Reset a DNS Zone\" feature (SEC-461)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:22:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 has Stored XSS in the WHM \"Reset a DNS Zone\" feature (SEC-461)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20866", "datePublished": "2019-07-30T14:22:56", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26099
Vulnerability from cvelistv5
Published
2020-09-25 05:43
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:43:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26099", "datePublished": "2020-09-25T05:43:26", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18393
Vulnerability from cvelistv5
Published
2019-08-02 13:04
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:04:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18393", "datePublished": "2019-08-02T13:04:12", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10849
Vulnerability from cvelistv5
Published
2019-08-01 15:25
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:25:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10849", "datePublished": "2019-08-01T15:25:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.134Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26105
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26105", "datePublished": "2020-09-25T05:42:40", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20910
Vulnerability from cvelistv5
Published
2019-08-01 14:32
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.721Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:32:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20910", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20910", "datePublished": "2019-08-01T14:32:30", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.721Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10795
Vulnerability from cvelistv5
Published
2019-08-06 13:06
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.044Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:06:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10795", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10795", "datePublished": "2019-08-06T13:06:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18386
Vulnerability from cvelistv5
Published
2019-08-02 12:29
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:29:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18386", "datePublished": "2019-08-02T12:29:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14413
Vulnerability from cvelistv5
Published
2019-07-30 14:19
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:19:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.2 allows certain file-write operations as shared users during connection resets (SEC-476)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14413", "datePublished": "2019-07-30T14:19:38", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18435
Vulnerability from cvelistv5
Published
2019-08-02 16:00
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:00:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18435", "datePublished": "2019-08-02T16:00:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0370
Vulnerability from cvelistv5
Published
2008-01-22 19:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/27308 | vdb-entry, x_refsource_BID |
http://secunia.com/advisories/28561 | third-party-advisory, x_refsource_SECUNIA |
http://www.securityfocus.com/archive/1/486404/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://aria-security.net/forum/showthread.php?p=1238 | x_refsource_MISC |
http://securityreason.com/securityalert/3561 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:39:35.184Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "27308", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27308" }, { "name": "28561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28561" }, { "name": "20080116 cPanel Hosting Manager (dohtaccess.html)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/486404/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aria-security.net/forum/showthread.php?p=1238" }, { "name": "3561", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3561" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "27308", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27308" }, { "name": "28561", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28561" }, { "name": "20080116 cPanel Hosting Manager (dohtaccess.html)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/486404/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aria-security.net/forum/showthread.php?p=1238" }, { "name": "3561", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3561" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0370", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "27308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27308" }, { "name": "28561", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28561" }, { "name": "20080116 cPanel Hosting Manager (dohtaccess.html)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486404/100/0/threaded" }, { "name": "http://aria-security.net/forum/showthread.php?p=1238", "refsource": "MISC", "url": "http://aria-security.net/forum/showthread.php?p=1238" }, { "name": "3561", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3561" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0370", "datePublished": "2008-01-22T19:00:00", "dateReserved": "2008-01-22T00:00:00", "dateUpdated": "2024-08-07T07:39:35.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20890
Vulnerability from cvelistv5
Published
2019-08-01 13:06
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20890", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20890", "datePublished": "2019-08-01T13:06:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:28.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10837
Vulnerability from cvelistv5
Published
2019-08-01 15:46
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:46:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10837", "datePublished": "2019-08-01T15:46:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.022Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12784
Vulnerability from cvelistv5
Published
2020-05-11 15:49
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/86+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.897Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-11T15:49:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/86+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12784", "datePublished": "2020-05-11T15:49:58", "dateReserved": "2020-05-11T00:00:00", "dateUpdated": "2024-08-04T12:04:22.897Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10836
Vulnerability from cvelistv5
Published
2019-08-01 15:51
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.129Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:51:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10836", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10836", "datePublished": "2019-08-01T15:51:44", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.129Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10797
Vulnerability from cvelistv5
Published
2019-08-06 13:08
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows WHM \"Purchase and Install an SSL Certificate\" page visitors to list all server domains (SEC-133)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:08:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 allows WHM \"Purchase and Install an SSL Certificate\" page visitors to list all server domains (SEC-133)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10797", "datePublished": "2019-08-06T13:08:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.458Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26112
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.026Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The email quota cache in cPanel before 90.0.10 allows overwriting of files." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The email quota cache in cPanel before 90.0.10 allows overwriting of files." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26112", "datePublished": "2020-09-25T05:40:42", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4293
Vulnerability from cvelistv5
Published
2006-08-22 17:00
Modified
2024-08-07 19:06
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28447 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/28043 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/19624 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/21592 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/443637/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/28041 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/1442 | third-party-advisory, x_refsource_SREASON |
| http://www.osvdb.org/28042 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:06:06.506Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cpanel-dohtaccess-xss(28447)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" }, { "name": "28043", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28043" }, { "name": "19624", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19624" }, { "name": "21592", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21592" }, { "name": "20060816 Multiple xxs cPanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" }, { "name": "28041", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28041" }, { "name": "1442", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1442" }, { "name": "28042", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cpanel-dohtaccess-xss(28447)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" }, { "name": "28043", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28043" }, { "name": "19624", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19624" }, { "name": "21592", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21592" }, { "name": "20060816 Multiple xxs cPanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" }, { "name": "28041", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28041" }, { "name": "1442", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1442" }, { "name": "28042", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28042" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4293", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cpanel-dohtaccess-xss(28447)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28447" }, { "name": "28043", "refsource": "OSVDB", "url": "http://www.osvdb.org/28043" }, { "name": "19624", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19624" }, { "name": "21592", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21592" }, { "name": "20060816 Multiple xxs cPanel 10", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443637/100/0/threaded" }, { "name": "28041", "refsource": "OSVDB", "url": "http://www.osvdb.org/28041" }, { "name": "1442", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1442" }, { "name": "28042", "refsource": "OSVDB", "url": "http://www.osvdb.org/28042" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4293", "datePublished": "2006-08-22T17:00:00", "dateReserved": "2006-08-22T00:00:00", "dateUpdated": "2024-08-07T19:06:06.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20907
Vulnerability from cvelistv5
Published
2019-08-01 14:28
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.562Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:28:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20907", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20907", "datePublished": "2019-08-01T14:28:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.562Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29489
Vulnerability from cvelistv5
Published
2023-04-27 00:00
Modified
2024-08-02 14:07
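Severity: MEDIUM, CVSS 3.1 base score 5.3, from the CNA metrics in the record below (CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:L/S:U/UI:N). The vector's local attack vector, low-privilege requirement and no-user-interaction values appear inconsistent with an XSS on a web error page, and the CISA ADP container in the same record lists a proof of concept as existing ("Exploitation": "poc"), so confirm patch priority against the fixed versions in the summary rather than the score alone.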
EPSS score ?
Summary
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpanel", "vendor": "cpanel", "versions": [ { "lessThan": "11.109.9999.116", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:cpanel:cpanel:11.109.9999.116:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "cpanel", "vendor": "cpanel", "versions": [ { "status": "unaffected", "version": "11.109.9999.116" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-29489", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-30T03:55:38.487098Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T13:00:06.238Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/" }, { "tags": [ "x_transferred" ], "url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:L/I:L/PR:L/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-27T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://forums.cpanel.net/threads/cpanel-tsr-2023-0001-full-disclosure.708949/" }, { "url": "https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-29489", "datePublished": "2023-04-27T00:00:00", "dateReserved": "2023-04-07T00:00:00", "dateUpdated": "2024-08-02T14:07:46.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20881
Vulnerability from cvelistv5
Published
2019-08-01 12:54
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.718Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:54:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20881", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20881", "datePublished": "2019-08-01T12:54:23", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.718Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18465
Vulnerability from cvelistv5
Published
2019-08-05 11:51
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.312Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:51:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18465", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18465", "datePublished": "2019-08-05T11:51:32", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14405
Vulnerability from cvelistv5
Published
2019-07-30 14:12
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:12:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14405", "datePublished": "2019-07-30T14:12:53", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10821
Vulnerability from cvelistv5
Published
2019-08-01 18:29
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:29:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10821", "datePublished": "2019-08-01T18:29:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.016Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10806
Vulnerability from cvelistv5
Published
2019-08-07 12:28
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:28:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10806", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10806", "datePublished": "2019-08-07T12:28:12", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.957Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26267
Vulnerability from cvelistv5
Published
2021-01-26 03:35
Modified
2024-08-03 20:19
Severity ?
EPSS score ?
Summary
cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/92-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:19:20.396Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-01-26T03:35:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 92.0.9 allows a MySQL user (who has an old-style password hash) to bypass suspension (SEC-579)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/92-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/92-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26267", "datePublished": "2021-01-26T03:35:35", "dateReserved": "2021-01-26T00:00:00", "dateUpdated": "2024-08-03T20:19:20.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20930
Vulnerability from cvelistv5
Published
2019-08-01 15:46
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:46:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20930", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20930", "datePublished": "2019-08-01T15:46:54", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26104
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.855Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26104", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26104", "datePublished": "2020-09-25T05:42:46", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.855Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20882
Vulnerability from cvelistv5
Published
2019-08-01 12:55
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:55:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20882", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20882", "datePublished": "2019-08-01T12:55:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.653Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20873
Vulnerability from cvelistv5
Published
2019-08-01 12:38
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.383Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:38:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20873", "datePublished": "2019-08-01T12:38:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6926
Vulnerability from cvelistv5
Published
2009-08-10 20:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/32016 | vdb-entry, x_refsource_BID |
| http://www.securityfocus.com/archive/1/498526 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/498529/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46252 | vdb-entry, x_refsource_XF |
| https://www.exploit-db.com/exploits/6897 | exploit, x_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/archive/1/498519 | mailing-list, x_refsource_BUGTRAQ |
| http://www.netenberg.com/forum/index.php?topic=6832 | x_refsource_CONFIRM |
| http://www.securityfocus.com/archive/1/498529 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/497964/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:49:02.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32016", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32016" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" }, { "name": "cpanel-autoinstall-file-include(46252)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" }, { "name": "6897", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498529" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/497964/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32016", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32016" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" }, { "name": "cpanel-autoinstall-file-include(46252)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" }, { "name": "6897", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site 
Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498529" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32016", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32016" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "20081120 Re: Re: Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498529/100/0/threaded" }, { "name": "cpanel-autoinstall-file-include(46252)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46252" }, { "name": "6897", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498519" }, { "name": "http://www.netenberg.com/forum/index.php?topic=6832", "refsource": "CONFIRM", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081120 Re: Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498529" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6926", "datePublished": "2009-08-10T20:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T11:49:02.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2017-18436
Vulnerability from cvelistv5
Published
2019-08-02 16:13
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:13:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18436", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18436", "datePublished": "2019-08-02T16:13:12", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10858
Vulnerability from cvelistv5
Published
2019-08-01 14:38
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:38:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10858", "datePublished": "2019-08-01T14:38:03", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0521
Vulnerability from cvelistv5
Published
2003-07-10 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=105760556627616&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:58:10.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030706 cPanel Malicious HTML Tags Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105760556627616\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-07-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030706 cPanel Malicious HTML Tags Injection Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105760556627616\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0521", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL 
that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030706 cPanel Malicious HTML Tags Injection Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105760556627616\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0521", "datePublished": "2003-07-10T04:00:00", "dateReserved": "2003-07-08T00:00:00", "dateUpdated": "2024-08-08T01:58:10.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0533
Vulnerability from cvelistv5
Published
2006-02-04 00:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0433 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24468 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=full-disclosure&m=113894933522271&w=2 | mailing-list, x_refsource_FULLDISC |
| http://www.osvdb.org/22906 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/18691 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:29.147Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 Re: cPanel Multiple Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113894933522271\u0026w=2" }, { "name": "22906", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22906" }, { "name": "18691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18691" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 Re: cPanel Multiple Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113894933522271\u0026w=2" }, { "name": "22906", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22906" }, { "name": "18691", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18691" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0533", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0433", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 Re: cPanel Multiple Cross Site Scripting", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure\u0026m=113894933522271\u0026w=2" }, { "name": "22906", "refsource": "OSVDB", "url": "http://www.osvdb.org/22906" }, { "name": "18691", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18691" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0533", "datePublished": "2006-02-04T00:00:00", "dateReserved": "2006-02-03T00:00:00", "dateUpdated": "2024-08-07T16:41:29.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18382
Vulnerability from cvelistv5
Published
2019-08-02 12:19
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:19:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18382", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18382", "datePublished": "2019-08-02T12:19:16", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10793
Vulnerability from cvelistv5
Published
2019-08-06 13:04
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:04:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10793", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10793", "datePublished": "2019-08-06T13:04:54", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10828
Vulnerability from cvelistv5
Published
2019-08-01 16:36
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:36:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10828", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10828", "datePublished": "2019-08-01T16:36:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18449
Vulnerability from cvelistv5
Published
2019-08-02 16:23
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:23:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows certain file-rename operations in the context of the root account via scripts/convert_roundcube_mysql2sqlite (SEC-254)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18449", "datePublished": "2019-08-02T16:23:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18468
Vulnerability from cvelistv5
Published
2019-08-05 11:53
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.122Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:53:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18468", "datePublished": "2019-08-05T11:53:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18481
Vulnerability from cvelistv5
Published
2019-08-05 12:50
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:50:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18481", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18481", "datePublished": "2019-08-05T12:50:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20953
Vulnerability from cvelistv5
Published
2019-08-01 16:20
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:20:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20953", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20953", "datePublished": "2019-08-01T16:20:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20905
Vulnerability from cvelistv5
Published
2019-08-01 14:25
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:25:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20905", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20905", "datePublished": "2019-08-01T14:25:31", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10777
Vulnerability from cvelistv5
Published
2019-08-06 12:49
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:49:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10777", "datePublished": "2019-08-06T12:49:30", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18466
Vulnerability from cvelistv5
Published
2019-08-05 11:50
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:50:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18466", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18466", "datePublished": "2019-08-05T11:50:47", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14407
Vulnerability from cvelistv5
Published
2019-07-30 14:14
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:14:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.2 reveals internal data to OpenID providers (SEC-415)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14407", "datePublished": "2019-07-30T14:14:33", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18408
Vulnerability from cvelistv5
Published
2019-08-02 13:47
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:47:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18408", "datePublished": "2019-08-02T13:47:37", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26107
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26107", "datePublished": "2020-09-25T05:42:25", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.712Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10824
Vulnerability from cvelistv5
Published
2019-08-01 16:40
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:40:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10824", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10824", "datePublished": "2019-08-01T16:40:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.309Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10115
Vulnerability from cvelistv5
Published
2020-03-17 14:35
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:35:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10115", "datePublished": "2020-03-17T14:35:51", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18434
Vulnerability from cvelistv5
Published
2019-08-02 15:59
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:59:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18434", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18434", "datePublished": "2019-08-02T15:59:21", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10767
Vulnerability from cvelistv5
Published
2019-08-05 12:51
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:51:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10767", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10767", "datePublished": "2019-08-05T12:51:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18405
Vulnerability from cvelistv5
Published
2019-08-02 13:13
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:13:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18405", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18405", "datePublished": "2019-08-02T13:13:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18446
Vulnerability from cvelistv5
Published
2019-08-02 16:20
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:20:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18446", "datePublished": "2019-08-02T16:20:55", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1849
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
References
| URL | Tags |
|---|---|
| http://www.osvdb.org/4530 | vdb-entry, x_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=108006627005371&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://securitytracker.com/id?1009541 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/9965 | vdb-entry, x_refsource_BID |
| http://www.osvdb.org/4529 | vdb-entry, x_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15517 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:48.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4530", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4530" }, { "name": "20040323 More Cpanel Vuls (cross site scripting)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108006627005371\u0026w=2" }, { "name": "1009541", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1009541" }, { "name": "9965", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9965" }, { "name": "4529", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4529" }, { "name": "cpanel-dodelautores-addhandle-xss(15517)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15517" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4530", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4530" }, { "name": "20040323 More Cpanel Vuls (cross site scripting)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108006627005371\u0026w=2" }, { "name": "1009541", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1009541" }, { "name": "9965", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9965" }, { "name": "4529", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4529" }, { "name": "cpanel-dodelautores-addhandle-xss(15517)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15517" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1849", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4530", "refsource": "OSVDB", "url": "http://www.osvdb.org/4530" }, { "name": "20040323 More Cpanel Vuls (cross site scripting)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108006627005371\u0026w=2" }, { "name": "1009541", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009541" }, { "name": "9965", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9965" }, { "name": "4529", "refsource": "OSVDB", "url": "http://www.osvdb.org/4529" }, { "name": "cpanel-dodelautores-addhandle-xss(15517)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15517" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1849", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:48.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20894
Vulnerability from cvelistv5
Published
2019-08-01 13:11
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:11:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20894", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20894", "datePublished": "2019-08-01T13:11:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26115
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.998Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26115", "datePublished": "2020-09-25T05:40:17", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.998Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20942
Vulnerability from cvelistv5
Published
2019-08-01 16:11
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.342Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon configuring crontab (SEC-351)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:11:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon configuring crontab (SEC-351)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20942", "datePublished": "2019-08-01T16:11:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20936
Vulnerability from cvelistv5
Published
2019-08-01 16:05
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:05:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20936", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20936", "datePublished": "2019-08-01T16:05:27", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10803
Vulnerability from cvelistv5
Published
2019-08-07 12:24
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:24:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10803", "datePublished": "2019-08-07T12:24:50", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10808
Vulnerability from cvelistv5
Published
2019-08-07 12:29
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:29:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10808", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10808", "datePublished": "2019-08-07T12:29:46", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1769
Vulnerability from cvelistv5
Published
2005-03-10 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
References
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/831534 | third-party-advisory, x_refsource_CERT-VN |
| http://marc.info/?l=bugtraq&m=107904890724201&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15443 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/9848 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/11111 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:37.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#831534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040311 cPanel Secuirty Advisory CPANEL-2004:01-01", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=107904890724201\u0026w=2" }, { "name": "cpanel-resetpass-execute-commands(15443)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15443" }, { "name": "20040311 Cpanel 8.*.* have a problem ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0" }, { "name": "9848", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9848" }, { "name": "11111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11111" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"Allow cPanel users to reset their password via email\" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#831534", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040311 cPanel Secuirty Advisory CPANEL-2004:01-01", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=107904890724201\u0026w=2" }, { "name": "cpanel-resetpass-execute-commands(15443)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15443" }, { "name": "20040311 Cpanel 8.*.* have a problem ?", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0" }, { "name": "9848", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9848" }, { "name": "11111", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11111" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"Allow cPanel users to reset their password via email\" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#831534", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/831534" }, { "name": "20040311 cPanel Secuirty Advisory CPANEL-2004:01-01", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=107904890724201\u0026w=2" }, { "name": "cpanel-resetpass-execute-commands(15443)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15443" }, { "name": "20040311 Cpanel 8.*.* have a problem ?", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/357064/2004-03-08/2004-03-14/0" }, { "name": "9848", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9848" }, { "name": "11111", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11111" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1769", "datePublished": "2005-03-10T05:00:00", "dateReserved": "2005-03-10T00:00:00", "dateUpdated": "2024-08-08T01:00:37.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10781
Vulnerability from cvelistv5
Published
2019-08-06 12:52
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:52:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10781", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10781", "datePublished": "2019-08-06T12:52:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20923
Vulnerability from cvelistv5
Published
2019-08-01 14:52
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.706Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:52:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20923", "datePublished": "2019-08-01T14:52:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.706Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18390
Vulnerability from cvelistv5
Published
2019-08-02 12:33
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:33:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18390", "datePublished": "2019-08-02T12:33:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18400
Vulnerability from cvelistv5
Published
2019-08-02 13:09
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:09:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18400", "datePublished": "2019-08-02T13:09:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20870
Vulnerability from cvelistv5
Published
2019-07-30 14:29
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:29:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20870", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20870", "datePublished": "2019-07-30T14:29:13", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26114
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26114", "datePublished": "2020-09-25T05:40:26", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38585
Vulnerability from cvelistv5
Published
2021-08-11 22:55
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:55:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/98-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38585", "datePublished": "2021-08-11T22:55:59", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10792
Vulnerability from cvelistv5
Published
2019-08-06 13:02
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:02:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10792", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10792", "datePublished": "2019-08-06T13:02:45", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18421
Vulnerability from cvelistv5
Published
2019-08-02 15:36
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:36:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18421", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18421", "datePublished": "2019-08-02T15:36:53", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18463
Vulnerability from cvelistv5
Published
2019-08-02 16:33
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.204Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:33:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18463", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18463", "datePublished": "2019-08-02T16:33:59", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18477
Vulnerability from cvelistv5
Published
2019-08-05 12:47
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:47:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18477", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18477", "datePublished": "2019-08-05T12:47:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18441
Vulnerability from cvelistv5
Published
2019-08-02 16:17
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:17:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18441", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18441", "datePublished": "2019-08-02T16:17:15", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10791
Vulnerability from cvelistv5
Published
2019-08-06 13:01
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.15 does not ensure that system accounts have no valid password, which is what makes logins to those accounts impossible (CPANEL-9559).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.295Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:01:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10791", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.15 does not ensure that system accounts lack a valid password, so that logins are impossible (CPANEL-9559)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10791", "datePublished": "2019-08-06T13:01:18", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.295Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20862
Vulnerability from cvelistv5
Published
2019-07-30 14:26
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:26:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20862", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 unsafely performs PostgreSQL password changes (SEC-366)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20862", "datePublished": "2019-07-30T14:26:37", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10853
Vulnerability from cvelistv5
Published
2019-08-01 14:45
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:45:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10853", "datePublished": "2019-08-01T14:45:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18411
Vulnerability from cvelistv5
Published
2019-08-02 13:50
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The \"addon domain conversion\" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:50:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18411", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \"addon domain conversion\" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18411", "datePublished": "2019-08-02T13:50:09", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20915
Vulnerability from cvelistv5
Published
2019-08-01 14:45
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:45:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20915", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20915", "datePublished": "2019-08-01T14:45:12", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6449
Vulnerability from cvelistv5
Published
2020-02-10 14:57
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have an XSS vulnerability.
References
| URL | Tags |
|---|---|
| https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-27T00:00:00", "descriptions": [ { "lang": "en", "value": "The clientconf.html and detailbw.html pages in x3 in cPanel \u0026 WHM 11.34.0 (build 8) have a XSS vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-10T14:57:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The clientconf.html and detailbw.html pages in x3 in cPanel \u0026 WHM 11.34.0 (build 8) have a XSS vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/119113/C-Panel-WHM-11.34.0-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6449", "datePublished": "2020-02-10T14:57:53", "dateReserved": "2012-12-28T00:00:00", "dateUpdated": "2024-08-06T21:28:39.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20925
Vulnerability from cvelistv5
Published
2019-08-01 15:18
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:18:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20925", "datePublished": "2019-08-01T15:18:02", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.589Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10790
Vulnerability from cvelistv5
Published
2019-08-06 13:00
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:00:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10790", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net (SEC-192)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10790", "datePublished": "2019-08-06T13:00:07", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20931
Vulnerability from cvelistv5
Published
2019-08-01 15:47
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.757Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:47:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20931", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20931", "datePublished": "2019-08-01T15:47:45", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.757Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18480
Vulnerability from cvelistv5
Published
2019-08-05 12:49
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:49:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18480", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18480", "datePublished": "2019-08-05T12:49:19", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18391
Vulnerability from cvelistv5
Published
2019-08-02 12:33
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:33:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows attackers to read backup files because they are world-readable during a short time interval (SEC-323)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18391", "datePublished": "2019-08-02T12:33:59", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20495
Vulnerability from cvelistv5
Published
2020-03-17 14:30
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:30:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20495", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20495", "datePublished": "2020-03-17T14:30:15", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20927
Vulnerability from cvelistv5
Published
2019-08-01 15:19
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:19:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20927", "datePublished": "2019-08-01T15:19:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20922
Vulnerability from cvelistv5
Published
2019-08-01 14:51
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:51:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20922", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20922", "datePublished": "2019-08-01T14:51:53", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.763Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38589
Vulnerability from cvelistv5
Published
2021-08-11 22:55
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:55:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of files (SEC-588)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/96-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38589", "datePublished": "2021-08-11T22:55:12", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10823
Vulnerability from cvelistv5
Published
2019-08-01 16:42
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:42:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10823", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10823", "datePublished": "2019-08-01T16:42:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20498
Vulnerability from cvelistv5
Published
2020-03-17 14:32
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:32:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20498", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows WebDAV authentication bypass because the connection-sharing logic is incorrect (SEC-534)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20498", "datePublished": "2020-03-17T14:32:12", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14414
Vulnerability from cvelistv5
Published
2019-07-30 14:20
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.803Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:20:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14414", "datePublished": "2019-07-30T14:20:15", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20898
Vulnerability from cvelistv5
Published
2019-08-01 13:55
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:55:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20898", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20898", "datePublished": "2019-08-01T13:55:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6927
Vulnerability from cvelistv5
Published
2009-08-10 20:00
Modified
2024-08-07 11:49
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/498526 | mailing-list, x_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/6897 | exploit, x_refsource_EXPLOIT-DB |
| http://www.osvdb.org/49518 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/498519 | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/32423 | third-party-advisory, x_refsource_SECUNIA |
| http://www.netenberg.com/forum/index.php?topic=6832 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/497964/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46253 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:49:02.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "6897", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "49518", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/49518" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "name": "32423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32423" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "name": "cpanel-autoinstall-xss(46253)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-10-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for 
cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "6897", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "49518", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/49518" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498519" }, { "name": "32423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32423" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "name": "cpanel-autoinstall-xss(46253)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": 
"n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498526" }, { "name": "6897", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6897" }, { "name": "49518", "refsource": "OSVDB", "url": "http://www.osvdb.org/49518" }, { "name": "20081120 Re: Cpanel 11 Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498519" }, { "name": "32423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32423" }, { "name": "http://www.netenberg.com/forum/index.php?topic=6832", "refsource": "MISC", "url": "http://www.netenberg.com/forum/index.php?topic=6832" }, { "name": "20081031 Cpanel 11.x Local File Inclusion \u0026 Cross Site Scripting - Discovered By Khashayar Fereidani", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/497964/100/0/threaded" }, { "name": "cpanel-autoinstall-xss(46253)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46253" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2008-6927", "datePublished": "2009-08-10T20:00:00", "dateReserved": "2009-08-10T00:00:00", "dateUpdated": "2024-08-07T11:49:02.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18451
Vulnerability from cvelistv5
Published
2019-08-02 16:25
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows attackers to read a user's crontab file during a short time interval upon a cPAddon upgrade (SEC-257).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows attackers to read a user\u0027s crontab file during a short time interval upon a cPAddon upgrade (SEC-257)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:25:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18451", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows attackers to read a user\u0027s crontab file during a short time interval upon a cPAddon upgrade (SEC-257)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18451", "datePublished": "2019-08-02T16:25:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-1425
Vulnerability from cvelistv5
Published
2007-10-20 10:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
References
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html | mailing-list, x_refsource_VULNWATCH |
| http://www.securityfocus.com/bid/6882 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11356 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "6882", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6882" }, { "name": "cpanel-guestbook-command-execution(11356)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "6882", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6882" }, { "name": "cpanel-guestbook-command-execution(11356)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "6882", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6882" }, { "name": "cpanel-guestbook-command-execution(11356)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1425", "datePublished": "2007-10-20T10:00:00", "dateReserved": "2007-10-19T00:00:00", "dateUpdated": "2024-08-08T02:28:03.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18431
Vulnerability from cvelistv5
Published
2019-08-02 15:56
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:56:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18431", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.1 does not reliably perform suspend/unsuspend operations on accounts (CPANEL-13941)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18431", "datePublished": "2019-08-02T15:56:07", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0763
Vulnerability from cvelistv5
Published
2006-02-18 02:00
Modified
2024-08-07 16:48
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
References
| URL | Tags |
|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html | mailing-list, x_refsource_FULLDISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24839 | vdb-entry, x_refsource_XF |
| http://www.osvdb.org/22971 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:48:55.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" }, { "name": "cpanel-dowebmailforward-xss(24839)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" }, { "name": "22971", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22971" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" }, { "name": "cpanel-dowebmailforward-xss(24839)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" }, { "name": "22971", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22971" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0763", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060207 Re: cPanel Multiple Cross Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0129.html" }, { "name": "cpanel-dowebmailforward-xss(24839)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24839" }, { "name": "22971", "refsource": "OSVDB", "url": "http://www.osvdb.org/22971" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0763", "datePublished": "2006-02-18T02:00:00", "dateReserved": "2006-02-18T00:00:00", "dateUpdated": "2024-08-07T16:48:55.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10848
Vulnerability from cvelistv5
Published
2019-08-01 15:26
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:26:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10848", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10848", "datePublished": "2019-08-01T15:26:37", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18448
Vulnerability from cvelistv5
Published
2019-08-02 16:22
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.149Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18448", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows certain file-read operations via a Serverinfo_manpage API call (SEC-252)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18448", "datePublished": "2019-08-02T16:22:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.149Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10833
Vulnerability from cvelistv5
Published
2019-08-01 16:09
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.118Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:09:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10833", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10833", "datePublished": "2019-08-01T16:09:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20490
Vulnerability from cvelistv5
Published
2020-03-17 14:23
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:09.937Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:23:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows authentication bypass because webmail usernames are processed inconsistently (SEC-499)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20490", "datePublished": "2020-03-17T14:23:08", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:09.937Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10122
Vulnerability from cvelistv5
Published
2020-03-17 14:41
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:41:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10122", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10122", "datePublished": "2020-03-17T14:41:13", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20920
Vulnerability from cvelistv5
Published
2019-08-01 14:49
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:49:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20920", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20920", "datePublished": "2019-08-01T14:49:58", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14401
Vulnerability from cvelistv5
Published
2019-07-30 14:08
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:08:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14401", "datePublished": "2019-07-30T14:08:50", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10845
Vulnerability from cvelistv5
Published
2019-08-01 15:39
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:39:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10845", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/check_system_storable (SEC-78)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10845", "datePublished": "2019-08-01T15:39:09", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20880
Vulnerability from cvelistv5
Published
2019-08-01 12:53
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:53:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20880", "datePublished": "2019-08-01T12:53:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.683Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20909
Vulnerability from cvelistv5
Published
2019-08-01 14:31
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.677Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:31:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20909", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20909", "datePublished": "2019-08-01T14:31:14", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5883
Vulnerability from cvelistv5
Published
2006-11-14 19:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/451374/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/30387 | vdb-entry, x_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2006/4500 | vdb-entry, x_refsource_VUPEN |
| http://aria-security.net/advisory/cpanel.txt | x_refsource_MISC |
| http://www.osvdb.org/30386 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/22825 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/21027 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/1847 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:04:55.760Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20061112 CPanel Multiple Cross Site Scription", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded" }, { "name": "30387", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30387" }, { "name": "ADV-2006-4500", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4500" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://aria-security.net/advisory/cpanel.txt" }, { "name": "30386", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/30386" }, { "name": "22825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22825" }, { "name": "21027", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21027" }, { "name": "1847", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1847" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20061112 CPanel Multiple Cross Site Scription", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded" }, { "name": "30387", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30387" }, { "name": "ADV-2006-4500", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4500" }, { "tags": [ "x_refsource_MISC" ], "url": "http://aria-security.net/advisory/cpanel.txt" }, { "name": "30386", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/30386" }, { "name": "22825", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22825" }, { "name": "21027", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21027" }, { "name": "1847", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1847" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20061112 CPanel Multiple Cross Site Scription", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/451374/100/0/threaded" }, { "name": "30387", "refsource": "OSVDB", "url": "http://www.osvdb.org/30387" }, { "name": "ADV-2006-4500", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4500" }, { "name": "http://aria-security.net/advisory/cpanel.txt", "refsource": "MISC", "url": "http://aria-security.net/advisory/cpanel.txt" }, { "name": "30386", "refsource": "OSVDB", "url": "http://www.osvdb.org/30386" }, { "name": "22825", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22825" }, { "name": "21027", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21027" }, { "name": "1847", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1847" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5883", "datePublished": "2006-11-14T19:00:00", "dateReserved": "2006-11-14T00:00:00", "dateUpdated": "2024-08-07T20:04:55.760Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20919
Vulnerability from cvelistv5
Published
2019-08-01 14:49
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:49:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20919", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM Create Account action (SEC-373)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20919", "datePublished": "2019-08-01T14:49:06", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18455
Vulnerability from cvelistv5
Published
2019-08-02 16:28
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.158Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:28:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18455", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18455", "datePublished": "2019-08-02T16:28:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.158Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10775
Vulnerability from cvelistv5
Published
2019-08-05 12:58
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:58:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10775", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows arbitrary file-chown operations via reassign_post_terminate_cruft (SEC-173)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10775", "datePublished": "2019-08-05T12:58:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10830
Vulnerability from cvelistv5
Published
2019-08-01 16:33
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:33:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10830", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10830", "datePublished": "2019-08-01T16:33:45", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18452
Vulnerability from cvelistv5
Published
2019-08-02 16:26
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.160Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:26:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18452", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18452", "datePublished": "2019-08-02T16:26:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10832
Vulnerability from cvelistv5
Published
2019-08-01 16:12
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:12:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10832", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10832", "datePublished": "2019-08-01T16:12:16", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1603
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17780 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=109811572123753&w=2 | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17779 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=109811654104208&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/11455 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/12865 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/11449 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:36.711Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cpanel-htaccess-modify-ownership(17780)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" }, { "name": "20041018 cPanel hardlink backup issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811572123753\u0026w=2" }, { "name": "cpanel-backup-view-file(17779)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" }, { "name": "20041018 cPanel hardlink chown issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811654104208\u0026w=2" }, { "name": "11455", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11455" }, { "name": "12865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12865" }, { "name": "11449", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cpanel-htaccess-modify-ownership(17780)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" }, { "name": "20041018 cPanel hardlink backup issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811572123753\u0026w=2" }, { "name": "cpanel-backup-view-file(17779)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" }, { "name": "20041018 cPanel hardlink chown issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811654104208\u0026w=2" }, { "name": "11455", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11455" }, { "name": "12865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12865" }, { "name": "11449", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11449" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1603", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cpanel-htaccess-modify-ownership(17780)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780" }, { "name": "20041018 cPanel hardlink backup issue", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109811572123753\u0026w=2" }, { "name": "cpanel-backup-view-file(17779)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779" }, { "name": "20041018 cPanel hardlink chown issue", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109811654104208\u0026w=2" }, { "name": "11455", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11455" }, { "name": "12865", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12865" }, { "name": "11449", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11449" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1603", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-20T00:00:00", "dateUpdated": "2024-08-08T01:00:36.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10769
Vulnerability from cvelistv5
Published
2019-08-05 12:53
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:53:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10769", "datePublished": "2019-08-05T12:53:16", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10820
Vulnerability from cvelistv5
Published
2019-08-01 18:30
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:30:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10820", "datePublished": "2019-08-01T18:30:32", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18401
Vulnerability from cvelistv5
Published
2019-08-02 13:10
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:10:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows user accounts to be partially created with invalid username formats (SEC-334)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18401", "datePublished": "2019-08-02T13:10:36", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1119
Vulnerability from cvelistv5
Published
2006-03-09 20:00
Modified
2024-08-07 16:56
Severity ?
EPSS score ?
Summary
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/426957/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25277 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:56:15.661Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060307 Cpanel Path Disclosure Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded" }, { "name": "cpanel-fantastico-path-disclosure(25277)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-09T00:00:00", "descriptions": [ { "lang": "en", "value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060307 Cpanel Path Disclosure Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded" }, { "name": "cpanel-fantastico-path-disclosure(25277)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1119", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060307 Cpanel Path Disclosure Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/426957/100/0/threaded" }, { "name": "cpanel-fantastico-path-disclosure(25277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25277" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1119", "datePublished": "2006-03-09T20:00:00", "dateReserved": "2006-03-09T00:00:00", "dateUpdated": "2024-08-07T16:56:15.661Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10815
Vulnerability from cvelistv5
Published
2019-08-01 18:53
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:53:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10815", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows arbitrary file-read operations for Webmail accounts via Branding APIs (SEC-120)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10815", "datePublished": "2019-08-01T18:53:15", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18414
Vulnerability from cvelistv5
Published
2019-08-02 13:52
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:52:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18414", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18414", "datePublished": "2019-08-02T13:52:33", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20902
Vulnerability from cvelistv5
Published
2019-08-01 14:21
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to read root\u0027s crontab file by leveraging ClamAV installation (SEC-408)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:21:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20902", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows attackers to read root\u0027s crontab file by leveraging ClamAV installation (SEC-408)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20902", "datePublished": "2019-08-01T14:21:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-5535
Vulnerability from cvelistv5
Published
2006-10-26 17:00
Modified
2024-08-07 19:55
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20683 | vdb-entry, x_refsource_BID |
| http://securityreason.com/securityalert/1780 | third-party-advisory, x_refsource_SREASON |
| http://secunia.com/advisories/22555 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/449472/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/4190 | vdb-entry, x_refsource_VUPEN |
| http://changelog.cpanel.net/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:55:53.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20683", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/20683" }, { "name": "1780", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1780" }, { "name": "22555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22555" }, { "name": "20061022 WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/449472/100/0/threaded" }, { "name": "ADV-2006-4190", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://changelog.cpanel.net/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-10-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20683", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/20683" }, { "name": "1780", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1780" }, { "name": "22555", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22555" }, { "name": "20061022 WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/449472/100/0/threaded" }, { "name": "ADV-2006-4190", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://changelog.cpanel.net/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5535", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20683" }, { "name": "1780", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1780" }, { "name": "22555", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22555" }, { "name": "20061022 WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449472/100/0/threaded" }, { "name": "ADV-2006-4190", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4190" }, { "name": "http://changelog.cpanel.net/", "refsource": "CONFIRM", "url": "http://changelog.cpanel.net/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5535", "datePublished": "2006-10-26T17:00:00", "dateReserved": "2006-10-26T00:00:00", "dateUpdated": "2024-08-07T19:55:53.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-7142
Vulnerability from cvelistv5
Published
2009-09-01 16:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/489747/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41266 | vdb-entry, x_refsource_XF |
| http://osvdb.org/51582 | vdb-entry, x_refsource_OSVDB |
| http://www.securityfocus.com/bid/28300/exploit | x_refsource_MISC |
| http://www.securityfocus.com/bid/28300 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:56:14.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080318 cPanel 11.x =\u003e List Directories and Folders", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489747/100/0/threaded" }, { "name": "cpanal-showtree-information-disclosure(41266)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41266" }, { "name": "51582", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/51582" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28300/exploit" }, { "name": "28300", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28300" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080318 cPanel 11.x =\u003e List Directories and Folders", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489747/100/0/threaded" }, { "name": "cpanal-showtree-information-disclosure(41266)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41266" }, { "name": "51582", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/51582" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securityfocus.com/bid/28300/exploit" }, { "name": "28300", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28300" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7142", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080318 cPanel 11.x =\u003e List Directories and Folders", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489747/100/0/threaded" }, { "name": "cpanal-showtree-information-disclosure(41266)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41266" }, { "name": "51582", "refsource": "OSVDB", "url": "http://osvdb.org/51582" }, { "name": "http://www.securityfocus.com/bid/28300/exploit", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/28300/exploit" }, { "name": "28300", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28300" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7142", "datePublished": "2009-09-01T16:00:00", "dateReserved": "2009-09-01T00:00:00", "dateUpdated": "2024-08-07T11:56:14.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10812
Vulnerability from cvelistv5
Published
2019-08-07 12:33
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:33:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10812", "datePublished": "2019-08-07T12:33:23", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-1426
Vulnerability from cvelistv5
Published
2007-10-20 10:00
Modified
2024-08-08 02:28
Severity ?
EPSS score ?
Summary
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6885 | vdb-entry, x_refsource_BID |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html | mailing-list, x_refsource_VULNWATCH |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11357 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:28:03.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "6885", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6885" }, { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "cpanel-scriptfilename-gain-privileges(11357)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl\u0027s @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "6885", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6885" }, { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "cpanel-scriptfilename-gain-privileges(11357)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1426", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl\u0027s @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "6885", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6885" }, { "name": "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html" }, { "name": "cpanel-scriptfilename-gain-privileges(11357)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1426", "datePublished": "2007-10-20T10:00:00", "dateReserved": "2007-10-19T00:00:00", "dateUpdated": "2024-08-08T02:28:03.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20945
Vulnerability from cvelistv5
Published
2019-08-01 16:13
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
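bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). (Note: the structured `affected` product, vendor and version fields in the record below are all "n/a", so the affected range, before 68.0.27, is stated only in this description text; version matching that relies on the structured fields alone will not flag this entry.)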
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:13:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20945", "datePublished": "2019-08-01T16:13:39", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18406
Vulnerability from cvelistv5
Published
2019-08-02 13:45
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.127Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:45:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows SQL injection during eximstats processing (SEC-276)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18406", "datePublished": "2019-08-02T13:45:54", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10835
Vulnerability from cvelistv5
Published
2019-08-01 16:06
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10835", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10835", "datePublished": "2019-08-01T16:06:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20924
Vulnerability from cvelistv5
Published
2019-08-01 15:17
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:17:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20924", "datePublished": "2019-08-01T15:17:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10811
Vulnerability from cvelistv5
Published
2019-08-07 12:32
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.996Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:32:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10811", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10811", "datePublished": "2019-08-07T12:32:33", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.996Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1875
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:07:48.792Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4243", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4243" }, { "name": "20040330 Exensive cPanel Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108066561608676\u0026w=2" }, { "name": "21142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21142" }, { "name": "11244", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11244" }, { "name": "4215", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4215" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cirt.net/advisories/cpanel_xss.shtml" }, { "name": "4210", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4210" }, { "name": "cpanel-multiple-scripts-xss(15671)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" }, { "name": "22984", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22984" }, { "name": "4211", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4211" }, { "name": "ADV-2006-4658", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4658" }, { "name": "10002", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10002" }, { "name": "4212", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4212" }, { "name": "4208", "tags": [ 
"vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4208" }, { "name": "4213", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4213" }, { "name": "4214", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4214" }, { "name": "4209", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/4209" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.aria-security.com/forum/showthread.php?t=30" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-30T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4243", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4243" }, { "name": "20040330 Exensive cPanel Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108066561608676\u0026w=2" }, { "name": "21142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21142" }, { "name": "11244", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11244" }, { "name": "4215", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4215" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cirt.net/advisories/cpanel_xss.shtml" }, { "name": "4210", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4210" }, { "name": "cpanel-multiple-scripts-xss(15671)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" }, { "name": "22984", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22984" }, { "name": "4211", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4211" }, { "name": "ADV-2006-4658", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4658" }, { "name": "10002", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10002" }, { "name": "4212", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4212" }, { "name": "4208", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4208" }, { "name": "4213", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": 
"http://www.osvdb.org/4213" }, { "name": "4214", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4214" }, { "name": "4209", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/4209" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.aria-security.com/forum/showthread.php?t=30" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4243", "refsource": "OSVDB", "url": "http://www.osvdb.org/4243" }, { "name": "20040330 Exensive cPanel Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108066561608676\u0026w=2" }, { "name": "21142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21142" }, { "name": "11244", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11244" }, { "name": "4215", "refsource": "OSVDB", "url": "http://www.osvdb.org/4215" }, { "name": "http://www.cirt.net/advisories/cpanel_xss.shtml", "refsource": "MISC", "url": "http://www.cirt.net/advisories/cpanel_xss.shtml" }, { "name": "4210", "refsource": "OSVDB", "url": "http://www.osvdb.org/4210" }, { "name": "cpanel-multiple-scripts-xss(15671)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671" }, { "name": "22984", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22984" }, { "name": "4211", "refsource": "OSVDB", "url": "http://www.osvdb.org/4211" }, { "name": "ADV-2006-4658", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4658" }, { "name": "10002", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10002" }, { "name": "4212", "refsource": "OSVDB", "url": "http://www.osvdb.org/4212" }, { "name": "4208", "refsource": "OSVDB", "url": "http://www.osvdb.org/4208" }, { "name": "4213", "refsource": "OSVDB", "url": "http://www.osvdb.org/4213" }, { "name": "4214", "refsource": "OSVDB", "url": "http://www.osvdb.org/4214" }, { "name": "4209", "refsource": "OSVDB", "url": "http://www.osvdb.org/4209" }, { "name": "http://www.aria-security.com/forum/showthread.php?t=30", "refsource": "MISC", "url": "http://www.aria-security.com/forum/showthread.php?t=30" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
"assignerShortName": "mitre", "cveId": "CVE-2004-1875", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:07:48.792Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20916
Vulnerability from cvelistv5
Published
2019-08-01 14:46
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.362Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:46:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20916", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows Stored XSS via a WHM Edit MX Entry (SEC-370)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20916", "datePublished": "2019-08-01T14:46:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.362Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20493
Vulnerability from cvelistv5
Published
2020-03-17 14:24
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:24:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20493", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows self-XSS because JSON string escaping is mishandled (SEC-520)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20493", "datePublished": "2020-03-17T14:24:47", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10850
Vulnerability from cvelistv5
Published
2019-08-01 14:57
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10850", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10850", "datePublished": "2019-08-01T14:57:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20886
Vulnerability from cvelistv5
Published
2019-08-01 13:01
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:01:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20886", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20886", "datePublished": "2019-08-01T13:01:46", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2071
Vulnerability from cvelistv5
Published
2008-05-12 16:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
References
URL | Tags |
---|---|
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/491864/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2008/1522/references | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/3866 | third-party-advisory, x_refsource_SREASON | |
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/bid/29125 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/30166 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42306 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:57.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30166" }, { "name": "cpanel-whminterface-csrf(42306)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42306" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via 
requests to cpanel/whm/webmail and other unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30166" }, { "name": "cpanel-whminterface-csrf(42306)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42306" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2071", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site 
request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2", "refsource": "CONFIRM", "url": "http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30166" }, { "name": "cpanel-whminterface-csrf(42306)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42306" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2071", "datePublished": "2008-05-12T16:00:00", "dateReserved": "2008-05-05T00:00:00", "dateUpdated": "2024-08-07T08:49:57.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26110
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26110", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26110", "datePublished": "2020-09-25T05:40:59", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3367
Vulnerability from cvelistv5
Published
2007-06-22 18:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
URL | Tags |
---|---|
http://osvdb.org/35861 | vdb-entry, x_refsource_OSVDB | |
http://www.securityfocus.com/bid/24586 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25722 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35009 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:12.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35861", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35861" }, { "name": "24586", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25722" }, { "name": "cpanel-scgiwrap-path-disclosure(35009)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35009" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35861", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35861" }, { "name": "24586", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25722" }, { "name": "cpanel-scgiwrap-path-disclosure(35009)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35009" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3367", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35861", "refsource": "OSVDB", "url": "http://osvdb.org/35861" }, { "name": "24586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25722" }, { "name": "cpanel-scgiwrap-path-disclosure(35009)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35009" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3367", "datePublished": "2007-06-22T18:00:00", "dateReserved": "2007-06-22T00:00:00", "dateUpdated": "2024-08-07T14:14:12.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18403
Vulnerability from cvelistv5
Published
2019-08-02 13:12
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:12:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18403", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18403", "datePublished": "2019-08-02T13:12:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10819
Vulnerability from cvelistv5
Published
2019-08-01 18:31
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:31:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10819", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, user log files become world-readable when rotated by cpanellogd (SEC-125)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10819", "datePublished": "2019-08-01T18:31:07", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18429
Vulnerability from cvelistv5
Published
2019-08-02 15:54
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:54:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18429", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18429", "datePublished": "2019-08-02T15:54:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10809
Vulnerability from cvelistv5
Published
2019-08-07 12:30
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.941Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:30:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10809", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10809", "datePublished": "2019-08-07T12:30:46", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.941Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10842
Vulnerability from cvelistv5
Published
2019-08-01 15:41
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:41:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10842", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10842", "datePublished": "2019-08-01T15:41:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29136
Vulnerability from cvelistv5
Published
2020-11-27 01:34
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC | |
https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/ | x_refsource_CONFIRM | |
https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.581Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-14T17:09:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29136", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" }, { "name": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/", "refsource": "CONFIRM", "url": "https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/" }, { "name": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/", "refsource": "MISC", "url": "https://www.digitaldefense.com/news/zero-day-cpanel-and-webhost-manager/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29136", "datePublished": "2020-11-27T01:34:24", "dateReserved": "2020-11-27T00:00:00", "dateUpdated": "2024-08-04T16:48:01.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14404
Vulnerability from cvelistv5
Published
2019-07-30 14:12
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:12:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14404", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 allows certain file-read operations in the context of the root account via the Exim virtual_user_spam router (SEC-484)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14404", "datePublished": "2019-07-30T14:12:04", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10860
Vulnerability from cvelistv5
Published
2019-08-01 14:35
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:35:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10860", "datePublished": "2019-08-01T14:35:28", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18482
Vulnerability from cvelistv5
Published
2019-08-05 12:50
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.202Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:50:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18482", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18482", "datePublished": "2019-08-05T12:50:50", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.202Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20933
Vulnerability from cvelistv5
Published
2019-08-01 15:49
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:49:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20933", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20933", "datePublished": "2019-08-01T15:49:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10785
Vulnerability from cvelistv5
Published
2019-08-06 12:55
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:55:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows attackers to discover file contents during file copy operations (SEC-185)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10785", "datePublished": "2019-08-06T12:55:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.293Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18419
Vulnerability from cvelistv5
Published
2019-08-02 15:35
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.167Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:35:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18419", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18419", "datePublished": "2019-08-02T15:35:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20934
Vulnerability from cvelistv5
Published
2019-08-01 15:50
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:50:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20934", "datePublished": "2019-08-01T15:50:37", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.663Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20863
Vulnerability from cvelistv5
Published
2019-07-30 14:20
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.401Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:20:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20863", "datePublished": "2019-07-30T14:20:54", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.401Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20879
Vulnerability from cvelistv5
Published
2019-08-01 12:52
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.761Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:52:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20879", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20879", "datePublished": "2019-08-01T12:52:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10834
Vulnerability from cvelistv5
Published
2019-08-01 16:07
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.359Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:07:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10834", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10834", "datePublished": "2019-08-01T16:07:07", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.359Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18412
Vulnerability from cvelistv5
Published
2019-08-02 13:50
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:50:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18412", "datePublished": "2019-08-02T13:50:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17377
Vulnerability from cvelistv5
Published
2019-10-09 15:10
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:10:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17377", "datePublished": "2019-10-09T15:10:01", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10827
Vulnerability from cvelistv5
Published
2019-08-01 16:37
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:37:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10827", "datePublished": "2019-08-01T16:37:09", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0573
Vulnerability from cvelistv5
Published
2006-02-07 18:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.
References
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/0433 | vdb-entry, x_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24468 | vdb-entry, x_refsource_XF |
| http://marc.info/?l=bugtraq&m=113898556313924&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.osvdb.org/22938 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/22939 | vdb-entry, x_refsource_OSVDB |
| http://www.osvdb.org/22937 | vdb-entry, x_refsource_OSVDB |
| http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html | mailing-list, x_refsource_FULLDISC |
| http://www.osvdb.org/22936 | vdb-entry, x_refsource_OSVDB |
| http://secunia.com/advisories/18695 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.859Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=113898556313924\u0026w=2" }, { "name": "22938", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22938" }, { "name": "22939", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22939" }, { "name": "22937", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22937" }, { "name": "20060202 cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html" }, { "name": "22936", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22936" }, { "name": "18695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18695" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) 
editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=113898556313924\u0026w=2" }, { "name": "22938", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22938" }, { "name": "22939", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22939" }, { "name": "22937", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22937" }, { "name": "20060202 cPanel Multiple Cross Site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html" }, { "name": "22936", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22936" }, { "name": "18695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18695" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0573", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2006-0433", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "cpanel-scripts-xss(24468)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24468" }, { "name": "20060203 cPanel Multiple Cross Site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=113898556313924\u0026w=2" }, { "name": "22938", "refsource": "OSVDB", "url": "http://www.osvdb.org/22938" }, { "name": "22939", "refsource": "OSVDB", "url": "http://www.osvdb.org/22939" }, { "name": "22937", "refsource": "OSVDB", "url": "http://www.osvdb.org/22937" }, { "name": "20060202 cPanel Multiple Cross Site Scripting Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0025.html" }, { "name": "22936", "refsource": "OSVDB", "url": "http://www.osvdb.org/22936" }, { "name": "18695", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18695" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0573", "datePublished": "2006-02-07T18:00:00", "dateReserved": "2006-02-07T00:00:00", "dateUpdated": "2024-08-07T16:41:28.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26101
Vulnerability from cvelistv5
Published
2020-09-25 05:43
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.871Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:43:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26101", "datePublished": "2020-09-25T05:43:08", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.871Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31803
Vulnerability from cvelistv5
Published
2021-04-26 07:30
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/94-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/94-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-26T07:30:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/94-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/94-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/94-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31803", "datePublished": "2021-04-26T07:30:54", "dateReserved": "2021-04-26T00:00:00", "dateUpdated": "2024-08-03T23:10:30.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18439
Vulnerability from cvelistv5
Published
2019-08-02 16:15
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.258Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:15:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18439", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18439", "datePublished": "2019-08-02T16:15:43", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.258Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18415
Vulnerability from cvelistv5
Published
2019-08-02 13:53
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.066Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:53:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18415", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18415", "datePublished": "2019-08-02T13:53:15", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20912
Vulnerability from cvelistv5
Published
2019-08-01 14:42
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:42:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20912", "datePublished": "2019-08-01T14:42:31", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14388
Vulnerability from cvelistv5
Published
2019-07-30 12:45
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:45:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 allows unauthenticated file creation because Exim log parsing is mishandled (SEC-507)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14388", "datePublished": "2019-07-30T12:45:33", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14399
Vulnerability from cvelistv5
Published
2019-07-30 14:07
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.764Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:07:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SSL certificate-storage feature in cPanel before 78.0.18 allows unsafe file operations in the context of the root account (SEC-477)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14399", "datePublished": "2019-07-30T14:07:06", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4022
Vulnerability from cvelistv5
Published
2007-07-26 19:00
Modified
2024-08-07 14:37
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/26191 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/2930 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/25047 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/474556/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2007/2688 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35652 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:37:05.953Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "26191", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26191" }, { "name": "2930", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2930" }, { "name": "25047", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25047" }, { "name": "20070724 cPanel 10.9.1 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/474556/100/0/threaded" }, { "name": "ADV-2007-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2688" }, { "name": "cpanel-changepro-xss(35652)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35652" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-07-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "26191", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26191" }, { "name": "2930", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2930" }, { "name": "25047", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25047" }, { "name": "20070724 cPanel 10.9.1 XSS", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/474556/100/0/threaded" }, { "name": "ADV-2007-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2688" }, { "name": "cpanel-changepro-xss(35652)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35652" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4022", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "26191", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26191" }, { "name": "2930", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2930" }, { "name": "25047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25047" }, { "name": "20070724 cPanel 10.9.1 XSS", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/474556/100/0/threaded" }, { "name": "ADV-2007-2688", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2688" }, { "name": "cpanel-changepro-xss(35652)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35652" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4022", "datePublished": "2007-07-26T19:00:00", "dateReserved": "2007-07-26T00:00:00", "dateUpdated": "2024-08-07T14:37:05.953Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38586
Vulnerability from cvelistv5
Published
2021-08-11 22:55
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:55:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38586", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/98-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38586", "datePublished": "2021-08-11T22:55:47", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18471
Vulnerability from cvelistv5
Published
2019-08-05 12:42
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:42:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18471", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows self XSS on the paper_lantern password-change screen (SEC-197)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18471", "datePublished": "2019-08-05T12:42:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20943
Vulnerability from cvelistv5
Published
2019-08-01 16:11
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.031Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon a post-update task (SEC-352)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:11:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20943", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon a post-update task (SEC-352)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20943", "datePublished": "2019-08-01T16:11:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:27.031Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10114
Vulnerability from cvelistv5
Published
2020-03-17 14:33
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.847Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:33:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10114", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10114", "datePublished": "2020-03-17T14:33:55", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.847Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10773
Vulnerability from cvelistv5
Published
2019-08-05 12:56
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.366Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:56:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10773", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10773", "datePublished": "2019-08-05T12:56:27", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.366Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4823
Vulnerability from cvelistv5
Published
2010-04-27 15:00
Modified
2024-08-07 07:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/37826 | third-party-advisory, x_refsource_SECUNIA |
| http://www.exploit-db.com/exploits/10519 | exploit, x_refsource_EXPLOIT-DB |
| http://www.vupen.com/english/advisories/2009/3608 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/bid/37394 | vdb-entry, x_refsource_BID |
| http://osvdb.org/61231 | vdb-entry, x_refsource_OSVDB |
| http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:17:25.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37826" }, { "name": "10519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/10519" }, { "name": "ADV-2009-3608", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3608" }, { "name": "37394", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37394" }, { "name": "61231", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/61231" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-04-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37826", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37826" }, { "name": "10519", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/10519" }, { "name": "ADV-2009-3608", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3608" }, { "name": "37394", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37394" }, { "name": "61231", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/61231" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4823", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37826", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37826" }, { "name": "10519", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10519" }, { "name": "ADV-2009-3608", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3608" }, { "name": "37394", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37394" }, { "name": "61231", "refsource": "OSVDB", "url": "http://osvdb.org/61231" }, { "name": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html", "refsource": "CONFIRM", "url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4823", "datePublished": "2010-04-27T15:00:00", "dateReserved": "2010-04-27T00:00:00", "dateUpdated": "2024-08-07T07:17:25.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26100
Vulnerability from cvelistv5
Published
2020-09-25 05:43
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.136Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:43:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26100", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26100", "datePublished": "2020-09-25T05:43:16", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10780
Vulnerability from cvelistv5
Published
2019-08-06 12:52
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:52:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10780", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10780", "datePublished": "2019-08-06T12:52:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10847
Vulnerability from cvelistv5
Published
2019-08-01 15:30
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:30:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10847", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10847", "datePublished": "2019-08-01T15:30:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18457
Vulnerability from cvelistv5
Published
2019-08-02 16:30
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:30:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18457", "datePublished": "2019-08-02T16:30:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10814
Vulnerability from cvelistv5
Published
2019-08-01 18:53
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:53:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10814", "datePublished": "2019-08-01T18:53:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18476
Vulnerability from cvelistv5
Published
2019-08-05 12:46
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:46:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18476", "datePublished": "2019-08-05T12:46:19", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14402
Vulnerability from cvelistv5
Published
2019-07-30 14:10
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:10:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14402", "datePublished": "2019-07-30T14:10:06", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20492
Vulnerability from cvelistv5
Published
2020-03-17 14:23
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:23:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows authentication bypass because of misparsing of the format of the password file (SEC-516)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20492", "datePublished": "2020-03-17T14:23:54", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14410
Vulnerability from cvelistv5
Published
2019-07-30 14:17
Modified
2024-08-05 00:19
Summary
Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.841Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:17:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-472)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14410", "datePublished": "2019-07-30T14:17:18", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18385
Vulnerability from cvelistv5
Published
2019-08-02 12:22
Modified
2024-08-05 21:20
Summary
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:22:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18385", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18385", "datePublished": "2019-08-02T12:22:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10800
Vulnerability from cvelistv5
Published
2019-08-07 12:22
Modified
2024-08-06 03:38
Summary
cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.002Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:22:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10800", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 allows demo-mode escape via Site Templates and Boxtrapper API calls (SEC-138)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10800", "datePublished": "2019-08-07T12:22:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.002Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10840
Vulnerability from cvelistv5
Published
2019-08-01 15:44
Modified
2024-08-06 03:38
Summary
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:44:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10840", "datePublished": "2019-08-01T15:44:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.928Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20892
Vulnerability from cvelistv5
Published
2019-08-01 13:09
Modified
2024-08-05 12:12
Summary
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.666Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:09:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20892", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20892", "datePublished": "2019-08-01T13:09:41", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.666Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12785
Vulnerability from cvelistv5
Published
2020-05-11 15:51
Modified
2024-08-04 12:04
Summary
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/86+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-05-11T15:51:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12785", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/86+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/86+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12785", "datePublished": "2020-05-11T15:51:38", "dateReserved": "2020-05-11T00:00:00", "dateUpdated": "2024-08-04T12:04:22.888Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1604
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Summary
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
References
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=109811762230326&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:00:36.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20041018 cPanel symlink chmod issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811762230326\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-10-18T00:00:00", "descriptions": [ { "lang": "en", "value": "cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20041018 cPanel symlink chmod issue", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=109811762230326\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1604", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20041018 cPanel symlink chmod issue", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=109811762230326\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1604", "datePublished": "2005-02-20T05:00:00", "dateReserved": "2005-02-20T00:00:00", "dateUpdated": "2024-08-08T01:00:36.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14387
Vulnerability from cvelistv5
Published
2019-07-30 12:43
Modified
2024-08-05 00:19
Summary
cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:39.812Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:43:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 has Self XSS in the cPanel and webmail master templates (SEC-506)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14387", "datePublished": "2019-07-30T12:43:16", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:39.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18458
Vulnerability from cvelistv5
Published
2019-08-02 16:31
Modified
2024-08-05 21:20
Summary
cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.274Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:31:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18458", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows file overwrite when renaming an account (SEC-219)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18458", "datePublished": "2019-08-02T16:31:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20928
Vulnerability from cvelistv5
Published
2019-08-01 15:46
Modified
2024-08-05 12:12
Summary
cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:46:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20928", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20928", "datePublished": "2019-08-01T15:46:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18425
Vulnerability from cvelistv5
Published
2019-08-02 15:43
Modified
2024-08-05 21:20
Summary
In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:43:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18425", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18425", "datePublished": "2019-08-02T15:43:39", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18464
Vulnerability from cvelistv5
Published
2019-08-05 11:49
Modified
2024-08-05 21:20
Summary
cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:49:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18464", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows arbitrary file-overwrite operations via the WHM Zone Template editor (SEC-226)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18464", "datePublished": "2019-08-05T11:49:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10843
Vulnerability from cvelistv5
Published
2019-08-01 15:40
Modified
2024-08-06 03:38
Summary
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:40:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10843", "datePublished": "2019-08-01T15:40:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10779
Vulnerability from cvelistv5
Published
2019-08-06 12:50
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:50:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10779", "datePublished": "2019-08-06T12:50:16", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20864
Vulnerability from cvelistv5
Published
2019-07-30 14:21
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 allows a Virtual FTP account to persist after removal of its associated domain (SEC-454).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.530Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:21:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20864", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 allows a persistent Virtual FTP accounts after removal of its associated domain (SEC-454)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20864", "datePublished": "2019-07-30T14:21:34", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.530Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18410
Vulnerability from cvelistv5
Published
2019-08-02 13:49
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, a user account\u0027s backup archive could contain all MySQL databases on the server (SEC-284)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:49:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 67.9999.103, a user account\u0027s backup archive could contain all MySQL databases on the server (SEC-284)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18410", "datePublished": "2019-08-02T13:49:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10770
Vulnerability from cvelistv5
Published
2019-08-05 12:54
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:54:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows arbitrary file-overwrite operations during a Roundcube update (SEC-164)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10770", "datePublished": "2019-08-05T12:54:14", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18459
Vulnerability from cvelistv5
Published
2019-08-02 16:31
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:31:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18459", "datePublished": "2019-08-02T16:31:44", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20496
Vulnerability from cvelistv5
Published
2020-03-17 14:30
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:30:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20496", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows attackers to conduct arbitrary chown operations as root during log processing (SEC-532)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20496", "datePublished": "2020-03-17T14:30:57", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10119
Vulnerability from cvelistv5
Published
2020-03-17 14:38
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:38:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10119", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10119", "datePublished": "2020-03-17T14:38:58", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18383
Vulnerability from cvelistv5
Published
2019-08-02 12:20
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:20:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18383", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 writes home-directory backups to an incorrect location (SEC-309)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18383", "datePublished": "2019-08-02T12:20:15", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18384
Vulnerability from cvelistv5
Published
2019-08-02 12:21
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:21:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18384", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18384", "datePublished": "2019-08-02T12:21:31", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18430
Vulnerability from cvelistv5
Published
2019-08-02 15:55
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:55:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18430", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18430", "datePublished": "2019-08-02T15:55:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10839
Vulnerability from cvelistv5
Published
2019-08-01 15:44
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:44:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows SQL injection in bin/horde_update_usernames (SEC-71)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10839", "datePublished": "2019-08-01T15:44:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20903
Vulnerability from cvelistv5
Published
2019-08-01 14:21
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:21:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20903", "datePublished": "2019-08-01T14:21:55", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10778
Vulnerability from cvelistv5
Published
2019-08-06 12:48
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:48:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10778", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10778", "datePublished": "2019-08-06T12:48:40", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10857
Vulnerability from cvelistv5
Published
2019-08-01 14:40
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:40:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10857", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10857", "datePublished": "2019-08-01T14:40:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1499
Vulnerability from cvelistv5
Published
2008-03-25 19:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/489963/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/3775 | third-party-advisory, x_refsource_SREASON |
| http://www.securityfocus.com/bid/28403 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41374 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080321 XSS in cPanel 11.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/489963/100/0/threaded" }, { "name": "3775", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3775" }, { "name": "28403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28403" }, { "name": "cpanel-manpage-xss(41374)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41374" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-21T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080321 XSS in cPanel 11.x", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/489963/100/0/threaded" }, { "name": "3775", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3775" }, { "name": "28403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28403" }, { "name": "cpanel-manpage-xss(41374)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41374" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1499", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080321 XSS in cPanel 11.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489963/100/0/threaded" }, { "name": "3775", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3775" }, { "name": "28403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28403" }, { "name": "cpanel-manpage-xss(41374)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41374" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1499", "datePublished": "2008-03-25T19:00:00", "dateReserved": "2008-03-25T00:00:00", "dateUpdated": "2024-08-07T08:24:42.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10825
Vulnerability from cvelistv5
Published
2019-08-01 16:39
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.961Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:39:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10825", "datePublished": "2019-08-01T16:39:15", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.961Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20914
Vulnerability from cvelistv5
Published
2019-08-01 14:44
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:44:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20914", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20914", "datePublished": "2019-08-01T14:44:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20938
Vulnerability from cvelistv5
Published
2019-08-01 16:07
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:07:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20938", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20938", "datePublished": "2019-08-01T16:07:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.087Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10787
Vulnerability from cvelistv5
Published
2019-08-06 12:57
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:57:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10787", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10787", "datePublished": "2019-08-06T12:57:40", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20875
Vulnerability from cvelistv5
Published
2019-08-01 12:41
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:41:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20875", "datePublished": "2019-08-01T12:41:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20929
Vulnerability from cvelistv5
Published
2019-08-01 15:20
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.722Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:20:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20929", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20929", "datePublished": "2019-08-01T15:20:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.722Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10771
Vulnerability from cvelistv5
Published
2019-08-05 12:55
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.140Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:55:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10771", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows file-create and file-chmod operations during ModSecurity Audit logfile processing (SEC-165)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10771", "datePublished": "2019-08-05T12:55:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.140Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20950
Vulnerability from cvelistv5
Published
2019-08-01 16:17
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:17:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20950", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20950", "datePublished": "2019-08-01T16:17:58", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26098
Vulnerability from cvelistv5
Published
2020-09-25 05:43
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.064Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:43:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26098", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26098", "datePublished": "2020-09-25T05:43:32", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10855
Vulnerability from cvelistv5
Published
2019-08-01 14:42
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.331Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:42:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10855", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10855", "datePublished": "2019-08-01T14:42:27", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.331Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20865
Vulnerability from cvelistv5
Published
2019-07-30 14:22
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:22:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20865", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 has Self XSS in the WHM Additional Backup Destination field (SEC-459)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20865", "datePublished": "2019-07-30T14:22:10", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:28.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18475
Vulnerability from cvelistv5
Published
2019-08-05 12:45
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:45:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18475", "datePublished": "2019-08-05T12:45:24", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10831
Vulnerability from cvelistv5
Published
2019-08-01 16:25
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:25:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10831", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10831", "datePublished": "2019-08-01T16:25:40", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10768
Vulnerability from cvelistv5
Published
2019-08-05 12:52
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:52:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10768", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows file-overwrite operations during preparation for MySQL upgrades (SEC-161)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10768", "datePublished": "2019-08-05T12:52:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18388
Vulnerability from cvelistv5
Published
2019-08-02 12:31
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:31:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18388", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18388", "datePublished": "2019-08-02T12:31:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10859
Vulnerability from cvelistv5
Published
2019-08-01 14:36
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.614Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:36:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10859", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10859", "datePublished": "2019-08-01T14:36:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.614Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3337
Vulnerability from cvelistv5
Published
2006-07-03 18:00
Modified
2024-08-07 18:23
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
References
| URL | Tags |
|---|---|
| http://bugzilla.cpanel.net/show_bug.cgi?id=4282 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/438477/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2006/2547 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/438355/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27403 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/20840 | third-party-advisory, x_refsource_SECUNIA |
| http://securitytracker.com/id?1016383 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/18655 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282" }, { "name": "20060626 Re: XSS in Cpanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438477/100/0/threaded" }, { "name": "ADV-2006-2547", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2547" }, { "name": "20060626 XSS in Cpanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded" }, { "name": "cpanel-select-xss(27403)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403" }, { "name": "20840", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20840" }, { "name": "1016383", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016383" }, { "name": "18655", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18655" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282" }, { "name": "20060626 Re: XSS in Cpanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438477/100/0/threaded" }, { "name": "ADV-2006-2547", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2547" }, { "name": "20060626 XSS in Cpanel 10", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded" }, { "name": "cpanel-select-xss(27403)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403" }, { "name": "20840", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20840" }, { "name": "1016383", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016383" }, { "name": "18655", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18655" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3337", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282", "refsource": "MISC", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=4282" }, { "name": "20060626 Re: XSS in Cpanel 10", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438477/100/0/threaded" }, { "name": "ADV-2006-2547", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2547" }, { "name": "20060626 XSS in Cpanel 10", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438355/100/0/threaded" }, { "name": "cpanel-select-xss(27403)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27403" }, { "name": "20840", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20840" }, { "name": "1016383", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016383" }, { "name": "18655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18655" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3337", "datePublished": "2006-07-03T18:00:00", "dateReserved": "2006-07-03T00:00:00", "dateUpdated": "2024-08-07T18:23:21.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20901
Vulnerability from cvelistv5
Published
2019-08-01 14:20
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.537Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:20:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20901", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20901", "datePublished": "2019-08-01T14:20:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:28.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20941
Vulnerability from cvelistv5
Published
2019-08-01 16:10
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:10:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20941", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20941", "datePublished": "2019-08-01T16:10:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.094Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18395
Vulnerability from cvelistv5
Published
2019-08-02 13:05
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 does not block a username of ssl (SEC-328).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.640Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not block a username of ssl (SEC-328)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:05:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 does not block a username of ssl (SEC-328)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18395", "datePublished": "2019-08-02T13:05:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20913
Vulnerability from cvelistv5
Published
2019-08-01 14:43
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:43:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20913", "datePublished": "2019-08-01T14:43:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20940
Vulnerability from cvelistv5
Published
2019-08-01 16:09
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon the enabling of backups (SEC-342)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:09:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20940", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read root\u0027s crontab file during a short time interval upon the enabling of backups (SEC-342)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20940", "datePublished": "2019-08-01T16:09:11", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:27.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10804
Vulnerability from cvelistv5
Published
2019-08-07 12:26
Modified
2024-08-06 03:38
Summary
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:26:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10804", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10804", "datePublished": "2019-08-07T12:26:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2043
Vulnerability from cvelistv5
Published
2008-05-01 17:20
Modified
2024-08-07 08:49
Summary
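Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
(Note: the record's structured affected-product and version fields below are all "n/a", so the hedged versions named in this description are the only version information the record carries.)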
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/30027 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/1401/references | vdb-entry, x_refsource_VUPEN |
| http://www.rooksecurity.com/blog/?p=7 | x_refsource_MISC |
| http://www.kb.cert.org/vuls/id/584089 | third-party-advisory, x_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42114 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:57.004Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30027" }, { "name": "ADV-2008-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1401/references" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rooksecurity.com/blog/?p=7" }, { "name": "VU#584089", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/584089" }, { "name": "cpanel-http-csrf(42114)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30027" }, { "name": "ADV-2008-1401", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1401/references" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rooksecurity.com/blog/?p=7" }, { "name": "VU#584089", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/584089" }, { "name": "cpanel-http-csrf(42114)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30027", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30027" }, { "name": "ADV-2008-1401", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1401/references" }, { "name": "http://www.rooksecurity.com/blog/?p=7", "refsource": "MISC", "url": "http://www.rooksecurity.com/blog/?p=7" }, { "name": "VU#584089", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/584089" }, { "name": "cpanel-http-csrf(42114)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2043", "datePublished": "2008-05-01T17:20:00", "dateReserved": "2008-05-01T00:00:00", "dateUpdated": "2024-08-07T08:49:57.004Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18442
Vulnerability from cvelistv5
Published
2019-08-02 16:18
Modified
2024-08-05 21:20
Summary
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:18:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18442", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18442", "datePublished": "2019-08-02T16:18:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20891
Vulnerability from cvelistv5
Published
2019-08-01 13:08
Modified
2024-08-05 12:12
Summary
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:08:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20891", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20891", "datePublished": "2019-08-01T13:08:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10117
Vulnerability from cvelistv5
Published
2020-03-17 14:37
Modified
2024-08-04 10:50
Summary
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.931Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:37:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10117", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10117", "datePublished": "2020-03-17T14:37:23", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.931Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10796
Vulnerability from cvelistv5
Published
2019-08-06 13:08
Modified
2024-08-06 03:38
Summary
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T13:08:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10796", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10796", "datePublished": "2019-08-06T13:08:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18432
Vulnerability from cvelistv5
Published
2019-08-02 15:57
Modified
2024-08-05 21:20
Summary
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:57:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18432", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18432", "datePublished": "2019-08-02T15:57:43", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.291Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-2825
Vulnerability from cvelistv5
Published
2006-06-05 17:00
Modified
2024-08-07 18:06
Summary
cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26613 | vdb-entry, x_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html | mailing-list, x_refsource_BUGTRAQ |
| http://osvdb.org/31835 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/1039 | third-party-advisory, x_refsource_SREASON |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:06:26.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cpanel-openbasedir-security-bypass(26613)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" }, { "name": "20060520 cPanel OpenBaseDir Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" }, { "name": "31835", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/31835" }, { "name": "1039", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1039" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user\u0027s own open_basedir directive, but not the main server\u0027s open_basedir directive." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cpanel-openbasedir-security-bypass(26613)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" }, { "name": "20060520 cPanel OpenBaseDir Bypass", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" }, { "name": "31835", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/31835" }, { "name": "1039", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1039" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2825", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user\u0027s own open_basedir directive, but not the main server\u0027s open_basedir directive." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cpanel-openbasedir-security-bypass(26613)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26613" }, { "name": "20060520 cPanel OpenBaseDir Bypass", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html" }, { "name": "31835", "refsource": "OSVDB", "url": "http://osvdb.org/31835" }, { "name": "1039", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1039" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2825", "datePublished": "2006-06-05T17:00:00", "dateReserved": "2006-06-05T00:00:00", "dateUpdated": "2024-08-07T18:06:26.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10121
Vulnerability from cvelistv5
Published
2020-03-17 14:40
Modified
2024-08-04 10:50
Summary
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:40:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10121", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10121", "datePublished": "2020-03-17T14:40:35", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18392
Vulnerability from cvelistv5
Published
2019-08-02 13:03
Modified
2024-08-05 21:20
Summary
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.133Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:03:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18392", "datePublished": "2019-08-02T13:03:23", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.133Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14391
Vulnerability from cvelistv5
Published
2019-07-30 12:48
Modified
2024-08-05 00:19
Summary
cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:48:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14391", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14391", "datePublished": "2019-07-30T12:48:47", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20917
Vulnerability from cvelistv5
Published
2019-08-01 14:47
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows any user to disable Solr (SEC-371).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows any user to disable Solr (SEC-371)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:47:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20917", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows any user to disable Solr (SEC-371)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20917", "datePublished": "2019-08-01T14:47:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18417
Vulnerability from cvelistv5
Published
2019-08-02 15:33
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:33:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons installation (SEC-263)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18417", "datePublished": "2019-08-02T15:33:52", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20904
Vulnerability from cvelistv5
Published
2019-08-01 14:23
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:23:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20904", "datePublished": "2019-08-01T14:23:03", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:28.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20946
Vulnerability from cvelistv5
Published
2019-08-01 16:14
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:14:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20946", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20946", "datePublished": "2019-08-01T16:14:38", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26113
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:07.051Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26113", "datePublished": "2020-09-25T05:40:34", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:07.051Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10807
Vulnerability from cvelistv5
Published
2019-08-07 12:29
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:29:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10807", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10807", "datePublished": "2019-08-07T12:29:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26108
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26108", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26108", "datePublished": "2020-09-25T05:42:12", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2478
Vulnerability from cvelistv5
Published
2008-05-28 15:00
Modified
2024-08-07 09:05
Severity ?
EPSS score ?
Summary
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/492223/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/archive/1/492259/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id?1020042 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42529 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/29277 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:05:30.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080518 Cpanel all version \u003e\u003e root access with a reseller account.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492223/100/0/threaded" }, { "name": "20080519 Re: Cpanel all version \u003e\u003e root access with a reseller account.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/492259/100/0/threaded" }, { "name": "1020042", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020042" }, { "name": "cpanel-wwwact-privilege-escalation(42529)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42529" }, { "name": "29277", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29277" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating \"I\u0027m unable to reproduce such an issue on multiple servers running different versions of cPanel." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080518 Cpanel all version \u003e\u003e root access with a reseller account.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492223/100/0/threaded" }, { "name": "20080519 Re: Cpanel all version \u003e\u003e root access with a reseller account.", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/492259/100/0/threaded" }, { "name": "1020042", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020042" }, { "name": "cpanel-wwwact-privilege-escalation(42529)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42529" }, { "name": "29277", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29277" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). 
NOTE: the vendor disputes this, stating \"I\u0027m unable to reproduce such an issue on multiple servers running different versions of cPanel.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080518 Cpanel all version \u003e\u003e root access with a reseller account.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492223/100/0/threaded" }, { "name": "20080519 Re: Cpanel all version \u003e\u003e root access with a reseller account.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/492259/100/0/threaded" }, { "name": "1020042", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020042" }, { "name": "cpanel-wwwact-privilege-escalation(42529)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42529" }, { "name": "29277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29277" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2478", "datePublished": "2008-05-28T15:00:00", "dateReserved": "2008-05-28T00:00:00", "dateUpdated": "2024-08-07T09:05:30.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20947
Vulnerability from cvelistv5
Published
2019-08-01 16:15
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:15:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20947", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20947", "datePublished": "2019-08-01T16:15:28", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10844
Vulnerability from cvelistv5
Published
2019-08-01 15:39
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.910Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:39:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10844", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The chcpass script in cPanel before 11.54.0.4 reveals a password hash (SEC-77)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10844", "datePublished": "2019-08-01T15:39:59", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.910Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18420
Vulnerability from cvelistv5
Published
2019-08-02 15:36
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:36:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18420", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing (SEC-269)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18420", "datePublished": "2019-08-02T15:36:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26109
Vulnerability from cvelistv5
Published
2020-09-25 05:41
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
References
▼ | URL | Tags |
---|---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:41:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26109", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26109", "datePublished": "2020-09-25T05:41:09", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20867
Vulnerability from cvelistv5
Published
2019-07-30 13:59
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T13:59:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20867", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20867", "datePublished": "2019-07-30T13:59:02", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18443
Vulnerability from cvelistv5
Published
2019-08-02 16:18
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:18:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18443", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18443", "datePublished": "2019-08-02T16:18:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18416
Vulnerability from cvelistv5
Published
2019-08-02 13:53
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:53:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18416", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18416", "datePublished": "2019-08-02T13:53:59", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.233Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-16236
Vulnerability from cvelistv5
Published
2018-08-30 22:00
Modified
2024-08-05 10:17
Severity ?
EPSS score ?
Summary
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
References
| URL | Tags |
|---|---|
| https://cxsecurity.com/issue/WLB-2018080093 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T10:17:38.376Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cxsecurity.com/issue/WLB-2018080093" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-08-30T00:00:00", "descriptions": [ { "lang": "en", "value": "cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-08-30T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cxsecurity.com/issue/WLB-2018080093" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16236", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://cxsecurity.com/issue/WLB-2018080093", "refsource": "MISC", "url": "https://cxsecurity.com/issue/WLB-2018080093" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-16236", "datePublished": "2018-08-30T22:00:00", "dateReserved": "2018-08-30T00:00:00", "dateUpdated": "2024-08-05T10:17:38.376Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14412
Vulnerability from cvelistv5
Published
2019-07-30 14:18
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:18:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14412", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14412", "datePublished": "2019-07-30T14:18:55", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20939
Vulnerability from cvelistv5
Published
2019-08-01 16:08
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:08:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20939", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20939", "datePublished": "2019-08-01T16:08:14", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:27.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10783
Vulnerability from cvelistv5
Published
2019-08-06 12:54
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:54:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10783", "datePublished": "2019-08-06T12:54:26", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20869
Vulnerability from cvelistv5
Published
2019-07-30 14:27
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.635Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:27:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20869", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20869", "datePublished": "2019-07-30T14:27:55", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2308
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/357231 | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/9853 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15485 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:22:13.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20040312 Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/357231" }, { "name": "9853", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/9853" }, { "name": "cpanel-dir-xss(15485)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20040312 Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/357231" }, { "name": "9853", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/9853" }, { "name": "cpanel-dir-xss(15485)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2308", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20040312 Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/357231" }, { "name": "9853", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9853" }, { "name": "cpanel-dir-xss(15485)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15485" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2308", "datePublished": "2005-08-16T04:00:00", "dateReserved": "2005-08-16T00:00:00", "dateUpdated": "2024-08-08T01:22:13.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-6843
Vulnerability from cvelistv5
Published
2009-07-02 10:00
Modified
2024-08-07 11:42
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/46991 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/archive/1/498814/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/32578 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T11:42:00.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cpanel-index-directory-traversal(46991)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" }, { "name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" }, { "name": "32578", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/32578" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-12-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cpanel-index-directory-traversal(46991)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" }, { "name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" }, { "name": "32578", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/32578" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6843", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cpanel-index-directory-traversal(46991)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46991" }, { "name": "20081202 Cpanel fantastico Privilege Escalation \"ModSec and PHP restriction Bypass\"", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/498814/100/0/threaded" }, { "name": "32578", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32578" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6843", "datePublished": "2009-07-02T10:00:00", "dateReserved": "2009-07-02T00:00:00", "dateUpdated": "2024-08-07T11:42:00.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20868
Vulnerability from cvelistv5
Published
2019-07-30 14:25
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/76+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:25:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20868", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 76.0.8 has Stored XSS in the WHM MultiPHP Manager interface (SEC-464)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/76+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/76+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20868", "datePublished": "2019-07-30T14:25:19", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T12:12:29.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18444
Vulnerability from cvelistv5
Published
2019-08-02 16:19
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:19:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18444", "datePublished": "2019-08-02T16:19:27", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.249Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-0574
Vulnerability from cvelistv5
Published
2006-02-07 18:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
References
URL | Tags |
---|---|
http://www.osvdb.org/22940 | vdb-entry, x_refsource_OSVDB |
http://www.vupen.com/english/advisories/2006/0433 | vdb-entry, x_refsource_VUPEN |
http://securitytracker.com/id?1015589 | vdb-entry, x_refsource_SECTRACK |
http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html | mailing-list, x_refsource_FULLDISC |
http://www.securityfocus.com/archive/1/424148/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://secunia.com/advisories/18695 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T16:41:28.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "22940", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22940" }, { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "1015589", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015589" }, { "name": "20060204 cPanel 10 mime/handle.html XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html" }, { "name": "20060205 cPanel 10 handle.html XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/424148/100/0/threaded" }, { "name": "18695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18695" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "22940", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22940" }, { "name": "ADV-2006-0433", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "1015589", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015589" }, { "name": "20060204 cPanel 10 mime/handle.html XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html" }, { "name": "20060205 cPanel 10 handle.html XSS Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/424148/100/0/threaded" }, { "name": "18695", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18695" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0574", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "22940", "refsource": "OSVDB", "url": "http://www.osvdb.org/22940" }, { "name": "ADV-2006-0433", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0433" }, { "name": "1015589", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015589" }, { "name": "20060204 cPanel 10 mime/handle.html XSS Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0062.html" }, { "name": "20060205 cPanel 10 handle.html XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/424148/100/0/threaded" }, { "name": "18695", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18695" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0574", "datePublished": "2006-02-07T18:00:00", "dateReserved": "2006-02-07T00:00:00", "dateUpdated": "2024-08-07T16:41:28.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38590
Vulnerability from cvelistv5
Published
2021-08-11 22:54
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.606Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:54:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/96-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38590", "datePublished": "2021-08-11T22:54:59", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.606Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20893
Vulnerability from cvelistv5
Published
2019-08-01 13:10
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.119Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:10:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20893", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20893", "datePublished": "2019-08-01T13:10:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18470
Vulnerability from cvelistv5
Published
2019-08-05 12:41
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:41:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18470", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18470", "datePublished": "2019-08-05T12:41:28", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14397
Vulnerability from cvelistv5
Published
2019-07-30 14:05
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:05:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.5 allows demo accounts to modify arbitrary files via the extractfile API1 call (SEC-496)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14397", "datePublished": "2019-07-30T14:05:33", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20889
Vulnerability from cvelistv5
Published
2019-08-01 13:05
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:28.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:05:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20889", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20889", "datePublished": "2019-08-01T13:05:30", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:28.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10784
Vulnerability from cvelistv5
Published
2019-08-06 12:55
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:55:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10784", "datePublished": "2019-08-06T12:55:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10805
Vulnerability from cvelistv5
Published
2019-08-07 12:27
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:27:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10805", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10805", "datePublished": "2019-08-07T12:27:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14396
Vulnerability from cvelistv5
Published
2019-07-30 14:04
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:04:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "API Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14396", "datePublished": "2019-07-30T14:04:49", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10116
Vulnerability from cvelistv5
Published
2020-03-17 14:36
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:36:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10116", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10116", "datePublished": "2020-03-17T14:36:40", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10852
Vulnerability from cvelistv5
Published
2019-08-01 14:47
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.048Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:47:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10852", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10852", "datePublished": "2019-08-01T14:47:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.048Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17378
Vulnerability from cvelistv5
Published
2019-10-09 15:10
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:10:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17378", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17378", "datePublished": "2019-10-09T15:10:42", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17380
Vulnerability from cvelistv5
Published
2019-10-09 15:11
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.462Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:11:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17380", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17380", "datePublished": "2019-10-09T15:11:55", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.462Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38588
Vulnerability from cvelistv5
Published
2021-08-11 22:55
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.457Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:55:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38588", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/96-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38588", "datePublished": "2021-08-11T22:55:25", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-5614
Vulnerability from cvelistv5
Published
2017-03-03 15:00
Modified
2024-08-05 15:04
Severity ?
EPSS score ?
Summary
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/95870 | vdb-entry, x_refsource_BID |
| https://news.cpanel.com/tsr-2017-0001-full-disclosure/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2017/01/28/8 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:04:15.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95870", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95870" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-03-06T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95870", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95870" }, { "tags": [ "x_refsource_MISC" ], "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-5614", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95870", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95870" }, { "name": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/", "refsource": "MISC", "url": "https://news.cpanel.com/tsr-2017-0001-full-disclosure/" }, { "name": "[oss-security] 20170128 Re: CVE request: cgiemail multiple vulnerabilities", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/01/28/8" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-5614", "datePublished": "2017-03-03T15:00:00", "dateReserved": "2017-01-28T00:00:00", "dateUpdated": "2024-08-05T15:04:15.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20906
Vulnerability from cvelistv5
Published
2019-08-01 14:27
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.572Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:27:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20906", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20906", "datePublished": "2019-08-01T14:27:06", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.572Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10788
Vulnerability from cvelistv5
Published
2019-08-06 12:58
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:58:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10788", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10788", "datePublished": "2019-08-06T12:58:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10822
Vulnerability from cvelistv5
Published
2019-08-01 16:45
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/56+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:45:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10822", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/56+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/56+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10822", "datePublished": "2019-08-01T16:45:26", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20895
Vulnerability from cvelistv5
Published
2019-08-01 13:40
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:40:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20895", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20895", "datePublished": "2019-08-01T13:40:54", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20932
Vulnerability from cvelistv5
Published
2019-08-01 15:48
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:48:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20932", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20932", "datePublished": "2019-08-01T15:48:38", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18399
Vulnerability from cvelistv5
Published
2019-08-02 13:08
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows attackers to read root\u0027s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:08:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18399", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows attackers to read root\u0027s crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18399", "datePublished": "2019-08-02T13:08:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.608Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18413
Vulnerability from cvelistv5
Published
2019-08-02 13:51
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 67.9999.103, the backup system overwrites root's home directory when a mount disappears (SEC-299).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.200Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, the backup system overwrites root\u0027s home directory when a mount disappears (SEC-299)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:51:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18413", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 67.9999.103, the backup system overwrites root\u0027s home directory when a mount disappears (SEC-299)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18413", "datePublished": "2019-08-02T13:51:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18389
Vulnerability from cvelistv5
Published
2019-08-02 12:32
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T12:32:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18389", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18389", "datePublished": "2019-08-02T12:32:21", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26102
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
References
| URL | Tags |
|---|---|
| https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.739Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26102", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26102", "datePublished": "2020-09-25T05:42:59", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20497
Vulnerability from cvelistv5
Published
2020-03-17 14:31
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.084Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:31:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20497", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SEC-533)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20497", "datePublished": "2020-03-17T14:31:35", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29135
Vulnerability from cvelistv5
Published
2020-11-27 01:34
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.417Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-27T01:34:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29135", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29135", "datePublished": "2020-11-27T01:34:02", "dateReserved": "2020-11-27T00:00:00", "dateUpdated": "2024-08-04T16:48:01.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20952
Vulnerability from cvelistv5
Published
2019-08-01 16:19
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.327Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:19:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20952", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20952", "datePublished": "2019-08-01T16:19:30", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.327Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20874
Vulnerability from cvelistv5
Published
2019-08-01 12:40
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the WHM \"Create a New Account\" interface (SEC-428)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:40:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20874", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows self XSS in the WHM \"Create a New Account\" interface (SEC-428)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20874", "datePublished": "2019-08-01T12:40:12", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.698Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18445
Vulnerability from cvelistv5
Published
2019-08-02 16:20
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:20:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18445", "datePublished": "2019-08-02T16:20:09", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20897
Vulnerability from cvelistv5
Published
2019-08-01 13:53
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:53:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20897", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20897", "datePublished": "2019-08-01T13:53:24", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26106
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26106", "datePublished": "2020-09-25T05:42:32", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14393
Vulnerability from cvelistv5
Published
2019-07-30 14:02
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:02:23", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14393", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14393", "datePublished": "2019-07-30T14:02:23", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17376
Vulnerability from cvelistv5
Published
2019-10-09 15:09
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:09:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17376", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows self XSS in the SSL Certificate Upload interface (SEC-521)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17376", "datePublished": "2019-10-09T15:09:21", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38587
Vulnerability from cvelistv5
Published
2021-08-11 22:55
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/96-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.467Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:55:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38587", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/96-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/96-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38587", "datePublished": "2021-08-11T22:55:37", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.467Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10816
Vulnerability from cvelistv5
Published
2019-08-01 18:52
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:52:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10816", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10816", "datePublished": "2019-08-01T18:52:32", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18418
Vulnerability from cvelistv5
Published
2019-08-02 15:34
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.166Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:34:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18418", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18418", "datePublished": "2019-08-02T15:34:44", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.166Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18423
Vulnerability from cvelistv5
Published
2019-08-02 15:38
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:38:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18423", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, domain log files become readable after log processing (SEC-273)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18423", "datePublished": "2019-08-02T15:38:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14408
Vulnerability from cvelistv5
Published
2019-07-30 14:15
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:15:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14408", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.2 allows a demo account to link with an OpenID provider (SEC-460)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14408", "datePublished": "2019-07-30T14:15:13", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18398
Vulnerability from cvelistv5
Published
2019-08-02 13:08
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.904Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:08:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18398", "datePublished": "2019-08-02T13:08:11", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.904Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18427
Vulnerability from cvelistv5
Published
2019-08-02 15:46
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:46:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18427", "datePublished": "2019-08-02T15:46:20", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.125Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18462
Vulnerability from cvelistv5
Published
2019-08-05 11:49
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:49:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18462", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18462", "datePublished": "2019-08-05T11:49:11", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18428
Vulnerability from cvelistv5
Published
2019-08-02 15:47
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:47:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18428", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18428", "datePublished": "2019-08-02T15:47:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10799
Vulnerability from cvelistv5
Published
2019-08-07 12:21
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.875Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:21:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10799", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10799", "datePublished": "2019-08-07T12:21:21", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26103
Vulnerability from cvelistv5
Published
2020-09-25 05:42
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/88-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.865Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:42:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26103", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/88-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/88-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26103", "datePublished": "2020-09-25T05:42:53", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10113
Vulnerability from cvelistv5
Published
2020-03-17 14:33
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.795Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:33:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10113", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10113", "datePublished": "2020-03-17T14:33:19", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.795Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18433
Vulnerability from cvelistv5
Published
2019-08-02 15:58
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
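cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).
Note: the record below carries no CVSS metrics, and its structured vendor, product and version fields are all "n/a". The "before 64.0.21" bound in this description and the linked vendor change log are therefore the only version information here; tooling that matches only on the structured fields may miss this entry, and the blank severity reflects missing data rather than low impact.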
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.261Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:58:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18433", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18433", "datePublished": "2019-08-02T15:58:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.261Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10802
Vulnerability from cvelistv5
Published
2019-08-07 12:23
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
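cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
Note: the record below carries no CVSS metrics, and its structured vendor, product and version fields are all "n/a". The "before 58.0.4" bound in this description and the linked vendor change log are therefore the only version information here; tooling that matches only on the structured fields may miss this entry, and the blank severity reflects missing data rather than low impact.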
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.082Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:23:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10802", "datePublished": "2019-08-07T12:23:47", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.082Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10786
Vulnerability from cvelistv5
Published
2019-08-06 12:56
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:56:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10786", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows members of the nobody group to read Apache HTTP Server SSL keys (SEC-186)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10786", "datePublished": "2019-08-06T12:56:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10789
Vulnerability from cvelistv5
Published
2019-08-06 12:59
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
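cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191).
Note: the record below carries no CVSS metrics, and its structured vendor, product and version fields are all "n/a". The "before 60.0.25" bound in this description and the linked vendor change log are therefore the only version information here; tooling that matches only on the structured fields may miss this entry, and the blank severity reflects missing data rather than low impact.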
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:59:20", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10789", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows code execution via the cpsrvd 403 error response handler (SEC-191)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10789", "datePublished": "2019-08-06T12:59:20", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10854
Vulnerability from cvelistv5
Published
2019-08-01 14:43
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:43:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10854", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10854", "datePublished": "2019-08-01T14:43:40", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.198Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18396
Vulnerability from cvelistv5
Published
2019-08-02 13:06
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:06:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18396", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18396", "datePublished": "2019-08-02T13:06:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10856
Vulnerability from cvelistv5
Published
2019-08-01 14:41
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:41:31", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10856", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10856", "datePublished": "2019-08-01T14:41:31", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18397
Vulnerability from cvelistv5
Published
2019-08-02 13:07
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.798Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:07:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18397", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18397", "datePublished": "2019-08-02T13:07:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18407
Vulnerability from cvelistv5
Published
2019-08-02 13:46
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:46:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18407", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18407", "datePublished": "2019-08-02T13:46:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18461
Vulnerability from cvelistv5
Published
2019-08-02 16:33
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 does not preserve security policy questions across an account rename (SEC-223).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:33:17", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18461", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows does not preserve security policy questions across an account rename (SEC-223)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18461", "datePublished": "2019-08-02T16:33:17", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18438
Vulnerability from cvelistv5
Published
2019-08-02 16:14
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.099Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:14:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18438", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18438", "datePublished": "2019-08-02T16:14:48", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20921
Vulnerability from cvelistv5
Published
2019-08-01 14:50
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS via a WHM \"Delete a DNS Zone\" action (SEC-375)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:50:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20921", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS via a WHM \"Delete a DNS Zone\" action (SEC-375)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20921", "datePublished": "2019-08-01T14:50:56", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20876
Vulnerability from cvelistv5
Published
2019-08-01 12:43
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:43:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20876", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20876", "datePublished": "2019-08-01T12:43:05", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.775Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20911
Vulnerability from cvelistv5
Published
2019-08-01 14:41
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows code execution because \".\" is in @INC during a Perl syntax check of cpaddonsup (SEC-359)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:41:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20911", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows code execution because \".\" is in @INC during a Perl syntax check of cpaddonsup (SEC-359)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20911", "datePublished": "2019-08-01T14:41:41", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-26111
Vulnerability from cvelistv5
Published
2020-09-25 05:40
Modified
2024-08-04 15:49
Severity ?
EPSS score ?
Summary
cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/90-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T15:49:06.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-25T05:40:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26111", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/90-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/90-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26111", "datePublished": "2020-09-25T05:40:50", "dateReserved": "2020-09-25T00:00:00", "dateUpdated": "2024-08-04T15:49:06.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17379
Vulnerability from cvelistv5
Published
2019-10-09 15:11
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:11:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17379", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17379", "datePublished": "2019-10-09T15:11:19", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10846
Vulnerability from cvelistv5
Published
2019-08-01 15:38
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:38:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10846", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10846", "datePublished": "2019-08-01T15:38:04", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14390
Vulnerability from cvelistv5
Published
2019-07-30 12:47
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:47:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14390", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 has stored XSS in the WHM Modify Account interface (SEC-512)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14390", "datePublished": "2019-07-30T12:47:44", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18469
Vulnerability from cvelistv5
Published
2019-08-05 12:40
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.264Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:40:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18469", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18469", "datePublished": "2019-08-05T12:40:03", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18440
Vulnerability from cvelistv5
Published
2019-08-02 16:16
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:16:29", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18440", "datePublished": "2019-08-02T16:16:29", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-9291
Vulnerability from cvelistv5
Published
2019-08-01 14:34
Modified
2024-08-06 08:43
Severity ?
EPSS score ?
Summary
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/11.52+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:43:42.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/11.52+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:34:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/11.52+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-9291", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/11.52+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/11.52+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9291", "datePublished": "2019-08-01T14:34:03", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T08:43:42.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10851
Vulnerability from cvelistv5
Published
2019-08-01 14:48
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T14:48:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10851", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10851", "datePublished": "2019-08-01T14:48:24", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20887
Vulnerability from cvelistv5
Published
2019-08-01 13:03
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows SQL injection during database backups (SEC-420)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:03:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20887", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows SQL injection during database backups (SEC-420)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20887", "datePublished": "2019-08-01T13:03:26", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20951
Vulnerability from cvelistv5
Published
2019-08-01 16:18
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:27.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:18:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20951", "datePublished": "2019-08-01T16:18:42", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:27.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14409
Vulnerability from cvelistv5
Published
2019-07-30 14:16
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.205Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:16:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.2 allows arbitrary file-read operations via Passenger adminbin (SEC-466)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14409", "datePublished": "2019-07-30T14:16:34", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.205Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14398
Vulnerability from cvelistv5
Published
2019-07-30 14:06
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14398", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14398", "datePublished": "2019-07-30T14:06:14", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.368Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10776
Vulnerability from cvelistv5
Published
2019-08-06 12:47
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.481Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T12:47:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10776", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10776", "datePublished": "2019-08-06T12:47:51", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18467
Vulnerability from cvelistv5
Published
2019-08-05 11:52
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.269Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T11:52:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18467", "datePublished": "2019-08-05T11:52:18", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.269Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18437
Vulnerability from cvelistv5
Published
2019-08-02 16:13
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/64+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.257Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:13:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18437", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/64+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/64+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18437", "datePublished": "2019-08-02T16:13:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18409
Vulnerability from cvelistv5
Published
2019-08-02 13:48
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:48:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18409", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18409", "datePublished": "2019-08-02T13:48:25", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20896
Vulnerability from cvelistv5
Published
2019-08-01 13:52
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/72+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T13:52:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20896", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/72+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/72+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20896", "datePublished": "2019-08-01T13:52:01", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-20491
Vulnerability from cvelistv5
Published
2020-03-16 20:13
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:39:10.093Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-16T20:13:25", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20491", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20491", "datePublished": "2020-03-16T20:13:25", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-05T02:39:10.093Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0490
Vulnerability from cvelistv5
Published
2004-06-03 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/10407 | vdb-entry, x_refsource_BID |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16239 | vdb-entry, x_refsource_XF |
http://bugzilla.cpanel.net/show_bug.cgi?id=664 | x_refsource_CONFIRM |
http://bugzilla.cpanel.net/show_bug.cgi?id=283 | x_refsource_MISC |
http://www.securityfocus.com/archive/1/364112 | mailing-list, x_refsource_BUGTRAQ |
http://www.securiteam.com/tools/5TP0N15CUA.html | x_refsource_MISC |
http://www.a-squad.com/audit/explain10.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:17:14.986Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10407", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10407" }, { "name": "cpanel-modphpsuexec-execute-commands(16239)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" }, { "name": "20040524 cPanel mod_phpsuexec Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/364112" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.a-squad.com/audit/explain10.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-05-24T00:00:00", "descriptions": [ { "lang": "en", "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker\u0027s script after the user\u0027s script, which executes the attacker\u0027s script with the user\u0027s privileges, a different vulnerability than CVE-2004-0529." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10407", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10407" }, { "name": "cpanel-modphpsuexec-execute-commands(16239)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" }, { "name": "20040524 cPanel mod_phpsuexec Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/364112" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.a-squad.com/audit/explain10.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0490", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker\u0027s script after the user\u0027s script, which executes the attacker\u0027s script with the user\u0027s privileges, 
a different vulnerability than CVE-2004-0529." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10407", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10407" }, { "name": "cpanel-modphpsuexec-execute-commands(16239)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16239" }, { "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=664", "refsource": "CONFIRM", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=664" }, { "name": "http://bugzilla.cpanel.net/show_bug.cgi?id=283", "refsource": "MISC", "url": "http://bugzilla.cpanel.net/show_bug.cgi?id=283" }, { "name": "20040524 cPanel mod_phpsuexec Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/364112" }, { "name": "http://www.securiteam.com/tools/5TP0N15CUA.html", "refsource": "MISC", "url": "http://www.securiteam.com/tools/5TP0N15CUA.html" }, { "name": "http://www.a-squad.com/audit/explain10.html", "refsource": "MISC", "url": "http://www.a-squad.com/audit/explain10.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0490", "datePublished": "2004-06-03T04:00:00", "dateReserved": "2004-05-27T00:00:00", "dateUpdated": "2024-08-08T00:17:14.986Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10813
Vulnerability from cvelistv5
Published
2019-08-01 18:54
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:54:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10813", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10813", "datePublished": "2019-08-01T18:54:18", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20883
Vulnerability from cvelistv5
Published
2019-08-01 12:56
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.756Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows FTP access during account suspension (SEC-449)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:56:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows FTP access during account suspension (SEC-449)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20883", "datePublished": "2019-08-01T12:56:49", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.756Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-2021
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-09-17 02:11
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
References
URL | Tags |
---|---|
http://www.securityfocus.com/bid/13996 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:15:36.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "13996", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/13996" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-06-21T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "13996", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/13996" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2021", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "13996", "refsource": "BID", "url": "http://www.securityfocus.com/bid/13996" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2021", "datePublished": "2005-06-21T04:00:00Z", "dateReserved": "2005-06-21T00:00:00Z", "dateUpdated": "2024-09-17T02:11:19.024Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20949
Vulnerability from cvelistv5
Published
2019-08-01 16:17
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:17:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20949", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20949", "datePublished": "2019-08-01T16:17:13", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.334Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20948
Vulnerability from cvelistv5
Published
2019-08-01 16:16
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.954Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:16:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20948", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20948", "datePublished": "2019-08-01T16:16:21", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.954Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14395
Vulnerability from cvelistv5
Published
2019-07-30 14:03
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:03:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14395", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14395", "datePublished": "2019-07-30T14:03:56", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.494Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10810
Vulnerability from cvelistv5
Published
2019-08-07 12:31
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.964Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:31:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10810", "datePublished": "2019-08-07T12:31:35", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.964Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18478
Vulnerability from cvelistv5
Published
2019-08-05 12:47
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:47:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18478", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18478", "datePublished": "2019-08-05T12:47:50", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14406
Vulnerability from cvelistv5
Published
2019-07-30 14:13
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:41.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:13:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14406", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 has stored XSS in the BoxTrapper Queue Listing (SEC-493)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14406", "datePublished": "2019-07-30T14:13:45", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:41.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20937
Vulnerability from cvelistv5
Published
2019-08-01 16:06
Modified
2024-08-05 12:19
Severity ?
EPSS score ?
Summary
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:19:26.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T16:06:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20937", "datePublished": "2019-08-01T16:06:22", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:19:26.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-17375
Vulnerability from cvelistv5
Published
2019-10-09 15:08
Modified
2024-08-05 01:40
Severity ?
EPSS score ?
Summary
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:40:15.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-10-09T15:08:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17375", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17375", "datePublished": "2019-10-09T15:08:35", "dateReserved": "2019-10-09T00:00:00", "dateUpdated": "2024-08-05T01:40:15.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14394
Vulnerability from cvelistv5
Published
2019-07-30 14:03
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.380Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:03:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.5 allows unsafe file operations in the context of the root account via the fetch_ssl_certificates_for_fqdns API (SEC-489)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14394", "datePublished": "2019-07-30T14:03:11", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18473
Vulnerability from cvelistv5
Published
2019-08-05 12:43
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:43:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.4 allows self XSS on the webmail Password and Security page (SEC-199)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18473", "datePublished": "2019-08-05T12:43:53", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10817
Vulnerability from cvelistv5
Published
2019-08-01 18:51
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T18:51:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10817", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10817", "datePublished": "2019-08-01T18:51:53", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14411
Vulnerability from cvelistv5
Published
2019-07-30 14:18
Modified
2024-08-05 00:19
Severity ?
EPSS score ?
Summary
cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:18:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14411", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.2 does not properly restrict demo accounts from writing to files via the DCV UAPI (SEC-473)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14411", "datePublished": "2019-07-30T14:18:10", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10801
Vulnerability from cvelistv5
Published
2019-08-07 12:23
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 58.0.4 has improper session handling for shared users (SEC-139).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.876Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 has improper session handling for shared users (SEC-139)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:23:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10801", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 has improper session handling for shared users (SEC-139)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10801", "datePublished": "2019-08-07T12:23:00", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.876Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3505
Vulnerability from cvelistv5
Published
2005-11-05 11:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing JavaScript in style attributes in tags such as `<b>`, which are processed by Internet Explorer.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/15327 | vdb-entry, x_refsource_BID |
| http://secunia.com/secunia_research/2005-56/advisory/ | x_refsource_MISC |
| http://www.osvdb.org/20459 | vdb-entry, x_refsource_OSVDB |
| http://securityreason.com/securityalert/148 | third-party-advisory, x_refsource_SREASON |
| http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html | mailing-list, x_refsource_FULLDISC |
| http://securitytracker.com/id?1015157 | vdb-entry, x_refsource_SECTRACK |
| http://www.vupen.com/english/advisories/2005/2306 | vdb-entry, x_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/415722/30/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://secunia.com/advisories/16609 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:22.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "15327", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15327" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2005-56/advisory/" }, { "name": "20459", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/20459" }, { "name": "148", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/148" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html" }, { "name": "1015157", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015157" }, { "name": "ADV-2005-2306", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2306" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/415722/30/0/threaded" }, { "name": "16609", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16609" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary 
web script or HTML via a chat message containing Javascript in style attributes in tags such as \u003cb\u003e, which are processed by Internet Explorer." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "15327", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15327" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2005-56/advisory/" }, { "name": "20459", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/20459" }, { "name": "148", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/148" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html" }, { "name": "1015157", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015157" }, { "name": "ADV-2005-2306", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2306" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/415722/30/0/threaded" }, { "name": "16609", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16609" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3505", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, 
"data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as \u003cb\u003e, which are processed by Internet Explorer." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "15327", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15327" }, { "name": "http://secunia.com/secunia_research/2005-56/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2005-56/advisory/" }, { "name": "20459", "refsource": "OSVDB", "url": "http://www.osvdb.org/20459" }, { "name": "148", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/148" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0124.html" }, { "name": "1015157", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015157" }, { "name": "ADV-2005-2306", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2306" }, { "name": "20051104 Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/415722/30/0/threaded" }, { "name": "16609", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16609" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3505", "datePublished": "2005-11-05T11:00:00", "dateReserved": "2005-11-05T00:00:00", "dateUpdated": "2024-08-07T23:17:22.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2017-18424
Vulnerability from cvelistv5
Published
2019-08-02 15:42
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/66+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T15:42:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18424", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/66+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18424", "datePublished": "2019-08-02T15:42:47", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18394
Vulnerability from cvelistv5
Published
2019-08-02 13:04
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:50.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:04:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18394", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18394", "datePublished": "2019-08-02T13:04:57", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:50.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18404
Vulnerability from cvelistv5
Published
2019-08-02 13:12
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
References
| URL | Tags |
|---|---|
| https://documentation.cpanel.net/display/CL/68+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T13:12:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18404", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/68+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/68+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18404", "datePublished": "2019-08-02T13:12:55", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10120
Vulnerability from cvelistv5
Published
2020-03-17 14:39
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:39:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10120", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10120", "datePublished": "2020-03-17T14:39:50", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3366
Vulnerability from cvelistv5
Published
2007-06-22 18:00
Modified
2024-08-07 14:14
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/35008 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/24586 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/25722 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/35860 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:14:12.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cpanel-scgiwrap-xss(35008)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35008" }, { "name": "24586", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25722" }, { "name": "35860", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/35860" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "cpanel-scgiwrap-xss(35008)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35008" }, { "name": "24586", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25722" }, { "name": "35860", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/35860" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3366", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "cpanel-scgiwrap-xss(35008)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35008" }, { "name": "24586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24586" }, { "name": "25722", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25722" }, { "name": "35860", "refsource": "OSVDB", "url": "http://osvdb.org/35860" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3366", "datePublished": "2007-06-22T18:00:00", "dateReserved": "2007-06-22T00:00:00", "dateUpdated": "2024-08-07T14:14:12.870Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10798
Vulnerability from cvelistv5
Published
2019-08-07 12:20
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/58+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.983Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-07T12:20:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 58.0.4 allows a file-ownership change (to nobody) via rearrangeacct (SEC-134)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/58+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/58+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10798", "datePublished": "2019-08-07T12:20:34", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.983Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10838
Vulnerability from cvelistv5
Published
2019-08-01 15:46
Modified
2024-08-06 03:38
Severity ?
EPSS score ?
Summary
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:46:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10838", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10838", "datePublished": "2019-08-01T15:46:08", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20935
Vulnerability from cvelistv5
Published
2019-08-01 15:51
Modified
2024-08-05 12:12
Severity ?
EPSS score ?
Summary
cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/70+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 70.0.23 allows stored XSS in via a WHM \"Reset a DNS Zone\" action (SEC-412)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:51:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20935", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 70.0.23 allows stored XSS in via a WHM \"Reset a DNS Zone\" action (SEC-412)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/70+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/70+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20935", "datePublished": "2019-08-01T15:51:27", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10118
Vulnerability from cvelistv5
Published
2020-03-17 14:38
Modified
2024-08-04 10:50
Severity ?
EPSS score ?
Summary
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/84+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:50:57.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-17T14:38:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/84+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/84+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10118", "datePublished": "2020-03-17T14:38:10", "dateReserved": "2020-03-05T00:00:00", "dateUpdated": "2024-08-04T10:50:57.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-18460
Vulnerability from cvelistv5
Published
2019-08-02 16:32
Modified
2024-08-05 21:20
Severity ?
EPSS score ?
Summary
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
References
▼ | URL | Tags |
---|---|---|
https://documentation.cpanel.net/display/CL/62+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T21:20:51.289Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-02T16:32:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18460", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/62+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/62+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18460", "datePublished": "2019-08-02T16:32:32", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T21:20:51.289Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-6523
Vulnerability from cvelistv5
Published
2006-12-14 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/23302 | third-party-advisory, x_refsource_SECUNIA | |
http://www.aria-security.com/forum/showthread.php?t=67 | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/453888/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/21497 | vdb-entry, x_refsource_BID | |
http://securityreason.com/securityalert/2028 | third-party-advisory, x_refsource_SREASON | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/30788 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:26:46.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "23302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23302" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.aria-security.com/forum/showthread.php?t=67" }, { "name": "20061208 [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" }, { "name": "21497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/21497" }, { "name": "2028", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2028" }, { "name": "cpanel-boxtrapper-manage-xss(30788)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "23302", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23302" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.aria-security.com/forum/showthread.php?t=67" }, { "name": "20061208 [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" }, { "name": "21497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/21497" }, { "name": "2028", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2028" }, { "name": "cpanel-boxtrapper-manage-xss(30788)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6523", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "23302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23302" }, { "name": "http://www.aria-security.com/forum/showthread.php?t=67", "refsource": "MISC", "url": "http://www.aria-security.com/forum/showthread.php?t=67" }, { "name": "20061208 [Aria-Security Team] cPanel BoxTrapper Cross Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/453888/100/0/threaded" }, { "name": "21497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21497" }, { "name": "2028", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2028" }, { "name": "cpanel-boxtrapper-manage-xss(30788)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30788" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6523", "datePublished": "2006-12-14T01:00:00", "dateReserved": "2006-12-13T00:00:00", "dateUpdated": "2024-08-07T20:26:46.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2070
Vulnerability from cvelistv5
Published
2008-05-12 16:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/42305 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/491864/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2008/1522/references | vdb-entry, x_refsource_VUPEN | |
http://securityreason.com/securityalert/3866 | third-party-advisory, x_refsource_SREASON | |
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html | mailing-list, x_refsource_FULLDISC | |
http://www.securityfocus.com/bid/29125 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/30166 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:49:57.763Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "name": "cpanel-whminterface-xss(42305)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42305" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30166" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered \"\u003c\" and \"\u003e\" 
characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2" }, { "name": "cpanel-whminterface-xss(42305)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42305" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30166" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2070", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered \"\u003c\" and \"\u003e\" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2", "refsource": "MISC", "url": "http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2" }, { "name": "cpanel-whminterface-xss(42305)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42305" }, { "name": "20080509 XSS and CSRF vulnerability on Cpanel 11", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491864/100/0/threaded" }, { "name": "ADV-2008-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1522/references" }, { "name": "3866", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3866" }, { "name": "20080509 XSS and CSRF vulnerability on cPanel 11", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html" }, { "name": "29125", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29125" }, { "name": "30166", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30166" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2070", "datePublished": "2008-05-12T16:00:00", "dateReserved": "2008-05-05T00:00:00", "dateUpdated": "2024-08-07T08:49:57.763Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20884
Vulnerability from cvelistv5
Published
2019-08-01 12:58
Modified
2024-08-05 12:12
Summary
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:58:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20884", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20884", "datePublished": "2019-08-01T12:58:10", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-20878
Vulnerability from cvelistv5
Published
2019-08-01 12:44
Modified
2024-08-05 12:12
Summary
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/74+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:12:29.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 74.0.8 allows stored XSS in WHM \"File and Directory Restoration\" interface (SEC-441)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T12:44:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-20878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 74.0.8 allows stored XSS in WHM \"File and Directory Restoration\" interface (SEC-441)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/74+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/74+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-20878", "datePublished": "2019-08-01T12:44:58", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-05T12:12:29.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10774
Vulnerability from cvelistv5
Published
2019-08-05 12:57
Modified
2024-08-06 03:38
Summary
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/60+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:55.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-05T12:57:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10774", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/60+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/60+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10774", "datePublished": "2019-08-05T12:57:28", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:55.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-10841
Vulnerability from cvelistv5
Published
2019-08-01 15:43
Modified
2024-08-06 03:38
Summary
The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/54+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:38:56.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-01T15:43:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The bin/mkvhostspasswd script in cPanel before 11.54.0.4 discloses password hashes (SEC-73)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/54+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/54+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10841", "datePublished": "2019-08-01T15:43:26", "dateReserved": "2019-07-31T00:00:00", "dateUpdated": "2024-08-06T03:38:56.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14392
Vulnerability from cvelistv5
Published
2019-07-30 14:00
Modified
2024-08-05 00:19
Summary
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/80+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:00:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/80+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/80+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14392", "datePublished": "2019-07-30T14:00:46", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.905Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14400
Vulnerability from cvelistv5
Published
2019-07-30 14:08
Modified
2024-08-05 00:19
Summary
cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/78+Change+Log | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T14:08:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 78.0.18 allows local users to escalate to root access because of userdata cache misparsing (SEC-479)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/78+Change+Log", "refsource": "CONFIRM", "url": "https://documentation.cpanel.net/display/CL/78+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14400", "datePublished": "2019-07-30T14:08:06", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-38584
Vulnerability from cvelistv5
Published
2021-08-11 22:56
Modified
2024-08-04 01:44
Summary
The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).
References
URL | Tags |
---|---|
https://docs.cpanel.net/changelogs/98-change-log/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:44:23.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-08-11T22:56:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38584", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://docs.cpanel.net/changelogs/98-change-log/", "refsource": "MISC", "url": "https://docs.cpanel.net/changelogs/98-change-log/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38584", "datePublished": "2021-08-11T22:56:10", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2024-08-04T01:44:23.615Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-14386
Vulnerability from cvelistv5
Published
2019-07-30 12:38
Modified
2024-08-05 00:19
Summary
cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504).
References
URL | Tags |
---|---|
https://documentation.cpanel.net/display/CL/82+Change+Log | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:19:40.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-07-30T12:38:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-14386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "cPanel before 82.0.2 has stored XSS in the WHM Tomcat Manager interface (SEC-504)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://documentation.cpanel.net/display/CL/82+Change+Log", "refsource": "MISC", "url": "https://documentation.cpanel.net/display/CL/82+Change+Log" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-14386", "datePublished": "2019-07-30T12:38:21", "dateReserved": "2019-07-29T00:00:00", "dateUpdated": "2024-08-05T00:19:40.326Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201908-1388
Vulnerability from variot
In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable (readable by any local account on the host) during log processing (SEC-290). cPanel contains an information disclosure vulnerability; information may be obtained. cPanel is a web-based automated hosting platform. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1388", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "cpanel", "scope": "lt", "trust": 2.4, "vendor": "cpanel", "version": "66.0.2" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", "version": "57.9999.48" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", 
"version": "61.9999.55" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", "version": "59.9999.58" }, { "model": "cpanel", "scope": "lt", "trust": 1.0, "vendor": "cpanel", "version": "60.0.45" }, { "model": "cpanel", "scope": "lt", "trust": 1.0, "vendor": "cpanel", "version": "62.0.27" }, { "model": "cpanel", "scope": "lt", "trust": 1.0, "vendor": "cpanel", "version": "58.0.52" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", "version": "55.9999.61" }, { "model": "cpanel", "scope": "lt", "trust": 1.0, "vendor": "cpanel", "version": "56.0.51" }, { "model": "cpanel", "scope": "lt", "trust": 1.0, "vendor": "cpanel", "version": "64.0.33" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", "version": "65.9999.38" }, { "model": "cpanel", "scope": "gte", "trust": 1.0, "vendor": "cpanel", "version": "63.9999.74" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "NVD", "id": "CVE-2017-18428" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:cpanel:cpanel", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014650" } ] }, "cve": "CVE-2017-18428", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.4, "id": "CVE-2017-18428", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2019-26002", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 1.0, "id": "CVE-2017-18428", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.8, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-18428", "trust": 1.0, "value": "LOW" }, { "author": "NVD", "id": "CVE-2017-18428", "trust": 0.8, "value": "Low" }, { "author": "CNVD", "id": "CNVD-2019-26002", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201908-224", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNNVD", "id": "CNNVD-201908-224" }, { "db": "NVD", "id": 
"CVE-2017-18428" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component", "sources": [ { "db": "NVD", "id": "CVE-2017-18428" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNVD", "id": "CNVD-2019-26002" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-18428", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2017-014650", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2019-26002", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201908-224", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNNVD", "id": "CNNVD-201908-224" }, { "db": "NVD", "id": "CVE-2017-18428" } ] }, "id": "VAR-201908-1388", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" } ] }, "last_update_date": "2024-11-23T23:01:42.539000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "66 Change Log", "trust": 0.8, "url": "https://documentation.cpanel.net/display/CL/66+Change+Log" }, { "title": "Patch for cPanel Information Disclosure Vulnerability (CNVD-2019-26002)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/173275" }, { "title": "cPanel Repair measures for information disclosure vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95989" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNNVD", "id": "CNNVD-201908-224" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "NVD", "id": "CVE-2017-18428" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18428" }, { "trust": 1.6, "url": "https://documentation.cpanel.net/display/cl/66+change+log" }, { "trust": 0.8, "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18428" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNNVD", "id": "CNNVD-201908-224" }, { "db": "NVD", "id": "CVE-2017-18428" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2019-26002" }, { "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "db": "CNNVD", "id": "CNNVD-201908-224" }, { "db": "NVD", "id": "CVE-2017-18428" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-06T00:00:00", "db": "CNVD", "id": "CNVD-2019-26002" }, { "date": "2019-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "date": "2019-08-02T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-224" }, { "date": "2019-08-02T16:15:12.537000", "db": "NVD", "id": "CVE-2017-18428" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-06T00:00:00", "db": "CNVD", "id": "CNVD-2019-26002" }, { "date": "2019-08-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-014650" }, { "date": "2019-08-21T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-224" }, { "date": "2024-11-21T03:20:05.830000", "db": "NVD", "id": "CVE-2017-18428" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-224" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "cPanel Vulnerable to information 
disclosure", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-014650" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-224" } ], "trust": 0.6 } }