Vulnerabilities > Cpanel

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2016-10831 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
network
low complexity
cpanel CWE-287
7.2
7.2
2019-08-01 CVE-2016-10830 Improper Access Control vulnerability in Cpanel
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
network
low complexity
cpanel CWE-284
8.1
8.1
2019-08-01 CVE-2016-10829 Files or Directories Accessible to External Parties vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
network
low complexity
cpanel CWE-552
6.5
6.5
2019-08-01 CVE-2016-10828 Path Traversal vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
network
low complexity
cpanel CWE-22
8.8
8.8
2019-08-01 CVE-2016-10827 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
network
low complexity
cpanel CWE-79
5.4
5.4
2019-08-01 CVE-2016-10825 Improperly Implemented Security Check for Standard vulnerability in Cpanel
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
network
low complexity
cpanel CWE-358
8.1
8.1
2019-08-01 CVE-2016-10824 Improper Input Validation vulnerability in Cpanel
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
network
low complexity
cpanel CWE-20
critical
 9.8
9.8
2019-08-01 CVE-2016-10823 Improper Input Validation vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
network
low complexity
cpanel CWE-20
8.8
8.8
2019-08-01 CVE-2016-10822 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
network
low complexity
cpanel CWE-79
5.4
5.4
2019-08-01 CVE-2018-20935 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
network
low complexity
cpanel CWE-79
5.4
5.4