Vulnerabilities > Cpanel > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2020-03-17 | CVE-2020-10120 | Incorrect Authorization vulnerability in Cpanel | cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | network, low complexity, cpanel, CWE-863 | critical 9.0 |
| 2020-03-17 | CVE-2020-10115 | Improper Input Validation vulnerability in Cpanel | cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. | network, low complexity, cpanel, CWE-20 | critical 9.0 |
| 2019-08-07 | CVE-2016-10812 | Improper Input Validation vulnerability in Cpanel | In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117). | network, low complexity, cpanel, CWE-20 | critical 9.0 |
| 2019-08-07 | CVE-2016-10811 | Information Exposure vulnerability in Cpanel | In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116). | network, low complexity, cpanel, CWE-200 | critical 9.0 |
| 2019-08-07 | CVE-2016-10810 | Information Exposure vulnerability in Cpanel | In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115). | network, low complexity, cpanel, CWE-200 | critical 9.0 |
| 2019-08-07 | CVE-2016-10809 | Information Exposure vulnerability in Cpanel | In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114). | network, low complexity, cpanel, CWE-200 | critical 9.0 |
| 2019-08-07 | CVE-2016-10808 | Improper Input Validation vulnerability in Cpanel | In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | network, low complexity, cpanel, CWE-20 | critical 9.0 |
| 2019-08-06 | CVE-2016-10788 | Improper Input Validation vulnerability in Cpanel | cPanel before 60.0.25 allows arbitrary code execution via Maketext in PostgreSQL adminbin (SEC-188). | network, low complexity, cpanel, CWE-20 | critical 9.0 |
| 2019-08-02 | CVE-2017-18433 | Improper Input Validation vulnerability in Cpanel | cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236). | network, low complexity, cpanel, CWE-20 | critical 9.0 |
| 2019-08-02 | CVE-2017-18387 | Injection vulnerability in Cpanel | cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314). | network, low complexity, cpanel, CWE-74 | critical 9.0 |