Vulnerabilities > Cpanel > Low

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18429 7PK - Security Features vulnerability in Cpanel
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
local
low complexity
cpanel CWE-254
2.1
2019-08-02 CVE-2017-18432 Information Exposure vulnerability in Cpanel
In cPanel before 64.0.21, Horde MySQL to SQLite conversion can leak a database password (SEC-234).
local
low complexity
cpanel CWE-200
2.1
2019-08-02 CVE-2017-18392 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).
network
high complexity
cpanel CWE-20
2.1
2019-08-02 CVE-2017-18397 Permission Issues vulnerability in Cpanel
cPanel before 68.0.15 does not preserve permissions for local backup transport (SEC-330).
local
low complexity
cpanel CWE-275
2.1
2019-08-02 CVE-2017-18402 Cross-site Scripting vulnerability in Cpanel
cPanel before 68.0.15 allows stored XSS during a cpaddons moderated upgrade (SEC-336).
network
cpanel CWE-79
3.5
2019-08-02 CVE-2017-18405 Improper Input Validation vulnerability in Cpanel
cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345).
local
low complexity
cpanel CWE-20
2.1
2019-08-02 CVE-2017-18408 Cross-site Scripting vulnerability in Cpanel
cPanel before 67.9999.103 allows stored XSS in WHM MySQL Password Change interfaces (SEC-282).
network
cpanel CWE-79
3.5
2019-08-02 CVE-2017-18412 Information Exposure Through Log Files vulnerability in Cpanel
cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
local
cpanel CWE-532
1.9
2019-08-02 CVE-2017-18416 Improper Access Control vulnerability in Cpanel
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
local
low complexity
cpanel CWE-284
3.6
2019-08-02 CVE-2017-18384 Improper Access Control vulnerability in Cpanel
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
local
low complexity
cpanel CWE-284
2.1