Vulnerabilities > Cpanel
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-10 | CVE-2008-6926 | Path Traversal vulnerability in Netenberg Fantastico DE Luxe Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. | 6.8 |
| 2009-07-02 | CVE-2008-6843 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2009-07-01 | CVE-2009-2275 | Path Traversal vulnerability in Cpanel Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2008-05-01 | CVE-2008-2043 | Cross-Site Request Forgery (CSRF) vulnerability in Cpanel 11.18.3/11.19.3 Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. | 4.3 |
| 2008-03-25 | CVE-2008-1499 | Cross-Site Scripting vulnerability in Cpanel 11.18.3/11.21 Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2008-01-22 | CVE-2008-0370 | Cross-Site Scripting vulnerability in Cpanel 11.16 Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. | 4.3 |
| 2007-07-26 | CVE-2007-4022 | Cross-Site Scripting vulnerability in Cpanel 10.9.1 Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. network cpanel | 4.3 |
| 2007-06-22 | CVE-2007-3367 | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. | 7.8 |
| 2007-06-22 | CVE-2007-3366 | Path Disclosure And Cross-Site Scripting vulnerability in CPanel SCGIwrap Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. network cpanel | 4.3 |
| 2007-02-12 | CVE-2007-0890 | Cross-Site Scripting vulnerability in CPanel PassWDMySQL Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. network cpanel | 4.3 |