Show filters
425 Total Results
Displaying 51-60 of 425
Sort by:
Attacker Value
Unknown

CVE-2020-10122

Disclosure Date: March 17, 2020 (last updated November 27, 2024)
cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547).
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-20494

Disclosure Date: March 17, 2020 (last updated February 21, 2025)
In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525).
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-20491

Disclosure Date: March 16, 2020 (last updated November 27, 2024)
cPanel before 82.0.18 allows attackers to leverage virtual mail accounts in order to bypass account suspensions (SEC-508).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2012-6449

Disclosure Date: February 10, 2020 (last updated February 21, 2025)
The clientconf.html and detailbw.html pages in x3 in cPanel & WHM 11.34.0 (build 8) have a XSS vulnerability.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2012-6448

Disclosure Date: January 27, 2020 (last updated February 21, 2025)
Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17380

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
cPanel before 82.0.15 allows self XSS in the WHM Update Preferences interface (SEC-528).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17378

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
cPanel before 82.0.15 allows self XSS in the SSL Key Delete interface (SEC-526).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17377

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
cPanel before 82.0.15 allows self XSS in LiveAPI example scripts (SEC-524).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17379

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
cPanel before 82.0.15 allows self stored XSS in the WHM SSL Storage Manager interface (SEC-527).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17375

Disclosure Date: October 09, 2019 (last updated November 27, 2024)
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
View More Topics  < Previous  Next >