Vulnerabilities > Cpanel > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18386 Injection vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
network
low complexity
cpanel CWE-74
critical
9.0
2019-08-01 CVE-2016-10820 Improper Access Control vulnerability in Cpanel
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
network
low complexity
cpanel CWE-284
critical
9.0
2019-08-01 CVE-2016-10817 SQL Injection vulnerability in Cpanel
cPanel before 57.9999.54 allows SQL Injection via the ModSecurity TailWatch log file (SEC-123).
network
low complexity
cpanel CWE-89
critical
10.0
2019-08-01 CVE-2016-10828 Path Traversal vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
network
low complexity
cpanel CWE-22
critical
9.0
2019-08-01 CVE-2016-10824 Improper Input Validation vulnerability in Cpanel
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
network
cpanel CWE-20
critical
9.3
2019-08-01 CVE-2016-10823 Improper Input Validation vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
network
low complexity
cpanel CWE-20
critical
9.0
2019-08-01 CVE-2016-10848 Improper Authorization vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).
network
low complexity
cpanel CWE-285
critical
9.0
2019-08-01 CVE-2016-10840 Exposure of Resource to Wrong Sphere vulnerability in Cpanel
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
network
low complexity
cpanel CWE-668
critical
9.0
2019-08-01 CVE-2016-10858 Improper Input Validation vulnerability in Cpanel
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
network
cpanel CWE-20
critical
9.3
2019-08-01 CVE-2016-10855 Improper Input Validation vulnerability in Cpanel
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
network
low complexity
cpanel CWE-20
critical
10.0