CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2016-10846 cPanel before 11.54.0.4 allows arbitrary file-chown and file-chmod operations during Roundcube database conversions (SEC-79). | N/A | NONE | — | 0 |
| CVE-2016-10847 cPanel before 11.54.0.4 allows arbitrary file-read and file-write operations via scripts/fixmailboxpath (SEC-80). | N/A | NONE | — | 0 |
| CVE-2016-10848 cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | N/A | NONE | — | 0 |
| CVE-2015-9306 The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | N/A | NONE | — | 0 |
| CVE-2016-10849 cPanel before 11.54.0.4 allows certain file-chmod operations in scripts/secureit (SEC-82). | N/A | NONE | — | 0 |
| CVE-2018-20924 cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | N/A | NONE | — | 0 |
| CVE-2018-20925 cPanel before 70.0.23 allows local privilege escalation via the WHM Legacy Language File Upload interface (SEC-379). | N/A | NONE | — | 0 |
| CVE-2018-20926 cPanel before 70.0.23 allows local privilege escalation via the WHM Locale XML Upload interface (SEC-380). | N/A | NONE | — | 0 |
| CVE-2018-20927 cPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382). | N/A | NONE | — | 0 |
| CVE-2018-20928 cPanel before 70.0.23 allows stored XSS via the cpaddons vendor interface (SEC-391). | N/A | NONE | — | 0 |
| CVE-2017-18501 The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. | N/A | NONE | — | 0 |
| CVE-2018-20929 cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | N/A | NONE | — | 0 |
| CVE-2018-20930 cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401). | N/A | NONE | — | 0 |
| CVE-2018-20931 cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | N/A | NONE | — | 0 |
| CVE-2018-20932 cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | N/A | NONE | — | 0 |
| CVE-2018-20933 cPanel before 70.0.23 has Stored XSS via a WHM Edit DNS Zone action (SEC-410). | N/A | NONE | — | 0 |
| CVE-2018-20934 cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | N/A | NONE | — | 0 |
| CVE-2018-20953 cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). | N/A | NONE | — | 0 |
| CVE-2018-20935 cPanel before 70.0.23 allows stored XSS via a WHM "Reset a DNS Zone" action (SEC-412). | N/A | NONE | — | 0 |
| CVE-2019-14486 GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code. | N/A | NONE | — | 0 |
| CVE-2016-10822 cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88). | N/A | NONE | — | 0 |
| CVE-2016-10823 cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89). | N/A | NONE | — | 0 |
| CVE-2016-10824 cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | N/A | NONE | — | 0 |
| CVE-2016-10825 cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | N/A | NONE | — | 0 |
| CVE-2016-10827 cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96). | N/A | NONE | — | 0 |
| CVE-2016-10828 cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97). | N/A | NONE | — | 0 |
| CVE-2016-10829 cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | N/A | NONE | — | 0 |
| CVE-2016-10830 cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | N/A | NONE | — | 0 |
| CVE-2016-10831 cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101). | N/A | NONE | — | 0 |
| CVE-2016-10832 cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | N/A | NONE | — | 0 |
| CVE-2016-10833 cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | N/A | NONE | — | 0 |
| CVE-2016-10834 cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | N/A | NONE | — | 0 |
| CVE-2016-10835 cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | N/A | NONE | — | 0 |
| CVE-2018-20936 cPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308). | N/A | NONE | — | 0 |
| CVE-2018-20937 cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | N/A | NONE | — | 0 |
| CVE-2018-20938 cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324). | N/A | NONE | — | 0 |
| CVE-2019-9140 When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive inform... | 8.1 | HIGH | — | 0 |
| CVE-2018-20939 cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339). | N/A | NONE | — | 0 |
| CVE-2018-20940 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon the enabling of backups (SEC-342). | N/A | NONE | — | 0 |
| CVE-2018-20941 cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349). | N/A | NONE | — | 0 |
| CVE-2018-20942 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351). | N/A | NONE | — | 0 |
| CVE-2018-20943 cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352). | N/A | NONE | — | 0 |
| CVE-2018-20944 cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353). | N/A | NONE | — | 0 |
| CVE-2018-20945 bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). | N/A | NONE | — | 0 |
| CVE-2018-20946 cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355). | N/A | NONE | — | 0 |
| CVE-2018-20947 cPanel before 68.0.27 allows certain file-write operations via the telnetcrt script (SEC-356). | N/A | NONE | — | 0 |
| CVE-2018-20948 cPanel before 68.0.27 allows self XSS in cPanel Backup Restoration (SEC-383). | N/A | NONE | — | 0 |
| CVE-2018-20949 cPanel before 68.0.27 allows self XSS in WHM Apache Configuration Include Editor (SEC-385). | N/A | NONE | — | 0 |
| CVE-2018-20950 cPanel before 68.0.27 allows self stored XSS in WHM Account Transfer (SEC-386). | N/A | NONE | — | 0 |
| CVE-2018-20951 cPanel before 68.0.27 allows self XSS in WHM Spamd Startup Config (SEC-387). | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.