Show filters
425 Total Results
Displaying 191-200 of 425
Sort by:
Attacker Value
Unknown

CVE-2017-18410

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
In cPanel before 67.9999.103, a user account's backup archive could contain all MySQL databases on the server (SEC-284).
0
0
Attacker Value
Unknown

CVE-2017-18396

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 allows arbitrary file-read operations via Exim vdomainaliases (SEC-329).
0
0
Attacker Value
Unknown

CVE-2017-18403

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
0
0
Attacker Value
Unknown

CVE-2017-18409

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
In cPanel before 67.9999.103, the backup interface could return a backup archive with all MySQL databases (SEC-283).
0
0
Attacker Value
Unknown

CVE-2017-18411

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
The "addon domain conversion" feature in cPanel before 67.9999.103 can copy all MySQL databases to the new account (SEC-285).
0
0
Attacker Value
Unknown

CVE-2017-18407

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
0
0
Attacker Value
Unknown

CVE-2017-18400

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
0
0
Attacker Value
Unknown

CVE-2017-18393

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 does not block a username of postmaster, which might allow reception of private e-mail (SEC-326).
0
0
Attacker Value
Unknown

CVE-2017-18385

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).
0
0
Attacker Value
Unknown

CVE-2017-18389

Disclosure Date: August 02, 2019 (last updated November 27, 2024)
cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
0
0
View More Topics  < Previous  Next >