Vulnerabilities > Cpanel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-01 | CVE-2016-10835 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | 4.0 |
| 2019-08-01 | CVE-2016-10834 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | 6.5 |
| 2019-08-01 | CVE-2016-10833 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | 5.0 |
| 2019-08-01 | CVE-2016-10832 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | 4.0 |
| 2019-08-01 | CVE-2016-10831 | Improper Authentication vulnerability in Cpanel cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | 6.5 |
| 2019-08-01 | CVE-2016-10830 | Improper Access Control vulnerability in Cpanel cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100). | 5.5 |
| 2019-08-01 | CVE-2016-10829 | Files or Directories Accessible to External Parties vulnerability in Cpanel cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form processing error (SEC-99). | 6.8 |
| 2019-08-01 | CVE-2016-10825 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | 5.5 |
| 2019-08-01 | CVE-2018-20934 | Improperly Implemented Security Check for Standard vulnerability in Cpanel cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts (SEC-411). | 6.4 |
| 2019-08-01 | CVE-2018-20932 | File and Directory Information Exposure vulnerability in Cpanel cPanel before 70.0.23 exposes Apache HTTP Server logs after creation of certain domains (SEC-406). | 4.0 |