Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2018-20941 Information Exposure vulnerability in Cpanel
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
local
high complexity
cpanel CWE-200
5.6
2019-08-01 CVE-2018-20937 Improper Authentication vulnerability in Cpanel
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
network
low complexity
cpanel CWE-287
4.3
2019-08-01 CVE-2016-10835 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
network
low complexity
cpanel CWE-287
4.3
2019-08-01 CVE-2016-10832 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
network
low complexity
cpanel CWE-287
6.5
2019-08-01 CVE-2016-10829 Files or Directories Accessible to External Parties vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
network
low complexity
cpanel CWE-552
6.5
2019-08-01 CVE-2016-10827 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2016-10822 Cross-site Scripting vulnerability in Cpanel
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2018-20935 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).
network
low complexity
cpanel CWE-79
5.4
2019-08-01 CVE-2018-20934 Improperly Implemented Security Check for Standard vulnerability in Cpanel
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
network
low complexity
cpanel CWE-358
6.5
2019-08-01 CVE-2018-20933 Cross-site Scripting vulnerability in Cpanel
cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).
network
low complexity
cpanel CWE-79
5.4