Cpanel CpanelcPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-…
Cpanel CpanelIn cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelIn cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206…
Cpanel CpanelLeech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 62.0.4 has a fixed password for the Munin MySQL test account (SEC-196).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-22…
Cpanel CpanelcPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-22…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
Cpanel CpanelIn cPanel before 62.0.17, addon domain conversion did not require a package for resellers (SEC-208).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPC…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
Cpanel CpanelcPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelIn cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account ter…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.