Vulnerabilities > Cpanel > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-17375 Insufficient Session Expiration vulnerability in Cpanel
cPanel before 82.0.15 allows API token credentials to persist after an account has been renamed or terminated (SEC-517).
network
low complexity
cpanel CWE-613
8.8
2019-08-07 CVE-2016-10812 Improper Input Validation vulnerability in Cpanel
In cPanel before 57.9999.54, /scripts/enablefileprotect exposed TTYs (SEC-117).
network
low complexity
cpanel CWE-20
8.8
2019-08-07 CVE-2016-10811 Information Exposure vulnerability in Cpanel
In cPanel before 57.9999.54, /scripts/unsuspendacct exposed TTYs (SEC-116).
network
low complexity
cpanel CWE-200
8.8
2019-08-07 CVE-2016-10810 Information Exposure vulnerability in Cpanel
In cPanel before 57.9999.54, /scripts/maildir_converter exposed a TTY to an unprivileged process (SEC-115).
network
low complexity
cpanel CWE-200
8.8
2019-08-07 CVE-2016-10809 Information Exposure vulnerability in Cpanel
In cPanel before 57.9999.54, /scripts/checkinfopages exposed a TTY to an unprivileged process (SEC-114).
network
low complexity
cpanel CWE-200
8.8
2019-08-07 CVE-2016-10808 Improper Input Validation vulnerability in Cpanel
In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113).
network
low complexity
cpanel CWE-20
8.8
2019-08-07 CVE-2016-10805 Improper Input Validation vulnerability in Cpanel
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
network
low complexity
cpanel CWE-20
8.8
2019-08-07 CVE-2016-10804 Improper Input Validation vulnerability in Cpanel
The SQLite journal feature in cPanel before 57.9999.54 allows arbitrary file-overwrite operations during Horde Restore (SEC-58).
network
low complexity
cpanel CWE-20
8.1
2019-08-07 CVE-2016-10803 CRLF Injection vulnerability in Cpanel
cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).
network
low complexity
cpanel CWE-93
7.5
2019-08-07 CVE-2016-10802 Improper Access Control vulnerability in Cpanel
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
network
low complexity
cpanel CWE-284
8.8