Vulnerabilities for 'Cpanel'

2019-08-07
 
CVE-2016-10812

CWE-20
 

 
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).

 
 
CVE-2016-10811

CWE-200
 

 
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).

 
 
CVE-2016-10810

CWE-200
 

 
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).

 
 
CVE-2016-10809

CWE-200
 

 
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).

 
 
CVE-2016-10808

CWE-20
 

 
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).

 
 
CVE-2016-10807

CWE-20
 

 
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112).

 
 
CVE-2016-10806

CWE-79
 

 
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).

 
 
CVE-2016-10805

CWE-20
 

 
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).

 
 
CVE-2016-10804

CWE-20
 

 
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).

 
 
CVE-2016-10803

CWE-93
 

 
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

 


Copyright 2019, cxsecurity.com

 
