Vulnerabilities > Cpanel > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2017-18446 Out-of-bounds Write vulnerability in Cpanel
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250).
network
low complexity
cpanel CWE-787
6.3
2019-08-02 CVE-2017-18445 7PK - Security Features vulnerability in Cpanel
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
network
low complexity
cpanel CWE-254
4.3
2019-08-02 CVE-2017-18444 Improper Input Validation vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
network
low complexity
cpanel CWE-20
5.3
2019-08-02 CVE-2017-18443 Improper Input Validation vulnerability in Cpanel
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).
network
low complexity
cpanel CWE-20
5.8
2019-08-02 CVE-2017-18442 Command Injection vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
network
low complexity
cpanel CWE-77
5.3
2019-08-02 CVE-2017-18441 Open Redirect vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245).
network
low complexity
cpanel CWE-601
5.0
2019-08-02 CVE-2017-18440 Improper Input Validation vulnerability in Cpanel
cPanel before 64.0.21 allows demo users to execute traceroute via api2 (SEC-244).
network
low complexity
cpanel CWE-20
4.3
2019-08-02 CVE-2017-18439 Improper Input Validation vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
network
low complexity
cpanel CWE-20
6.3
2019-08-02 CVE-2017-18438 XXE vulnerability in Cpanel
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
network
low complexity
cpanel CWE-611
6.3
2019-08-02 CVE-2017-18437 Injection vulnerability in Cpanel
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
local
low complexity
cpanel CWE-74
4.4