Cpanel CpanelIn cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
Cpanel CpanelcPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
Cpanel CpanelCVE-2016-10772
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelIn cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account ter…
Cpanel CpanelIn cPanel before 66.0.2, weak log-file permissions can occur after account modification (SEC-289).
Cpanel CpanelIn cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelIn cPanel before 66.0.2, domain log files become readable after log processing (SEC-273).
Cpanel CpanelIn cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions (SEC-272…
Cpanel CpanelcPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).
Cpanel CpanelcPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mi…
Cpanel CpanelcPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310)…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 68.0.27 allows attackers to read the SRS secret via exim.conf (SEC-308).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 70.0.23 allows jailshell escape because of incorrect crontab parsing (SEC-382).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (S…
Cpanel CpanelIn cPanel before 78.0.2, a Userdata cache temporary file can conflict with domains (SEC-478).
Cpanel CpanelMaketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAP…
Cpanel CpanelMaketext in cPanel before 78.0.2 allows format-string injection in the Email store_filter UAPI (SEC-…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Cpanel CpanelcPanel before 78.0.18 unsafely determines terminal capabilities by using infocmp (SEC-481).
Cpanel CpanelAPI Analytics adminbin in cPanel before 80.0.5 allows spoofed insertions of log data (SEC-495).
Cpanel CpanelcPanel before 80.0.5 uses world-readable permissions for the Queueprocd log (SEC-494).
Cpanel CpanelcPanel before 82.0.2 does not properly enforce Reseller package creation ACLs (SEC-514).
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.