Vulnerabilities > Cpanel > Cpanel > 11.51.9999.149

DATE CVE VULNERABILITY TITLE RISK
2019-08-07 CVE-2016-10805 Improper Input Validation vulnerability in Cpanel
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
network
low complexity
cpanel CWE-20
8.8
8.8
2019-08-07 CVE-2016-10804 Improper Input Validation vulnerability in Cpanel
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
network
low complexity
cpanel CWE-20
8.1
8.1
2019-08-07 CVE-2016-10802 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
network
low complexity
cpanel CWE-284
8.8
8.8
2019-08-07 CVE-2016-10799 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
local
low complexity
cpanel CWE-284
5.5
5.5
2019-08-06 CVE-2016-10796 Permission Issues vulnerability in Cpanel
cPanel before 58.0.4 initially uses weak permissions for Apache HTTP Server log files (SEC-130).
local
low complexity
cpanel CWE-275
3.3
3.3
2019-08-06 CVE-2016-10795 Cross-site Scripting vulnerability in Cpanel
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
network
low complexity
cpanel CWE-79
6.1
6.1
2019-08-06 CVE-2016-10794 Information Exposure vulnerability in Cpanel
cPanel before 59.9999.145 allows arbitrary file-read operations because of a multipart form processing error (SEC-154).
network
low complexity
cpanel CWE-200
6.5
6.5
2019-08-06 CVE-2016-10793 Improper Input Validation vulnerability in Cpanel
cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect #! in Mail::SPF scripts (SEC-152).
network
low complexity
cpanel CWE-20
8.8
8.8
2019-08-06 CVE-2016-10792 Improper Access Control vulnerability in Cpanel
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
network
low complexity
cpanel CWE-284
8.8
8.8
2019-08-02 CVE-2017-18426 Information Exposure Through Log Files vulnerability in Cpanel
cPanel before 66.0.2 allows resellers to read other accounts' domain log files (SEC-288).
network
low complexity
cpanel CWE-532
2.7
2.7