Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-01 CVE-2016-10835 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
network
low complexity
cpanel CWE-287
4.0
2019-08-01 CVE-2016-10834 Improperly Implemented Security Check for Standard vulnerability in Cpanel
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105).
network
low complexity
cpanel CWE-358
6.5
2019-08-01 CVE-2016-10833 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
network
low complexity
cpanel CWE-287
5.0
2019-08-01 CVE-2016-10832 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
network
low complexity
cpanel CWE-287
4.0
2019-08-01 CVE-2016-10831 Improper Authentication vulnerability in Cpanel
cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101).
network
low complexity
cpanel CWE-287
6.5
2019-08-01 CVE-2016-10830 Improper Access Control vulnerability in Cpanel
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
network
low complexity
cpanel CWE-284
5.5
2019-08-01 CVE-2016-10829 Files or Directories Accessible to External Parties vulnerability in Cpanel
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99).
network
low complexity
cpanel CWE-552
6.8
2019-08-01 CVE-2016-10825 Improperly Implemented Security Check for Standard vulnerability in Cpanel
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92).
network
low complexity
cpanel CWE-358
5.5
2019-08-01 CVE-2018-20934 Improperly Implemented Security Check for Standard vulnerability in Cpanel
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411).
network
low complexity
cpanel CWE-358
6.4
2019-08-01 CVE-2018-20932 File and Directory Information Exposure vulnerability in Cpanel
cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406).
network
low complexity
cpanel CWE-538
4.0