Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-284
Total 2377 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10792 1 Cpanel 1 Cpanel 2019-08-13 6.5 MEDIUM 8.8 HIGH
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives (SEC-141).
CVE-2017-18404 1 Cpanel 1 Cpanel 2019-08-13 4.9 MEDIUM 3.1 LOW
cPanel before 68.0.15 allows domain data to be deleted for domains with the .lock TLD (SEC-341).
CVE-2017-18403 1 Cpanel 1 Cpanel 2019-08-13 6.5 MEDIUM 6.3 MEDIUM
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
CVE-2016-10799 1 Cpanel 1 Cpanel 2019-08-13 2.1 LOW 5.5 MEDIUM
cPanel before 58.0.4 does not set the Pear tmp directory during a PHP installation (SEC-137).
CVE-2016-10838 1 Cpanel 1 Cpanel 2019-08-13 6.8 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.4 allows arbitrary file-read operations via the bin/fmq script (SEC-70).
CVE-2018-20930 1 Cpanel 1 Cpanel 2019-08-12 6.4 MEDIUM 6.5 MEDIUM
cPanel before 70.0.23 allows .htaccess restrictions bypass when Htaccess Optimization is enabled (SEC-401).
CVE-2017-18416 1 Cpanel 1 Cpanel 2019-08-12 3.6 LOW 5.5 MEDIUM
cPanel before 67.9999.103 allows arbitrary file-overwrite operations during a Roundcube SQLite schema update (SEC-303).
CVE-2016-10860 1 Cpanel 1 Cpanel 2019-08-12 5.5 MEDIUM 8.1 HIGH
cPanel before 11.54.0.0 allows unauthorized zone modification via the WHM API (SEC-66).
CVE-2016-10830 1 Cpanel 1 Cpanel 2019-08-12 5.5 MEDIUM 8.1 HIGH
cPanel before 55.9999.141 allows ACL bypass for AppConfig applications via magic_revision (SEC-100).
CVE-2016-10857 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.0 allows a bypass of the e-mail sending limit (SEC-60).
CVE-2017-18457 1 Cpanel 1 Cpanel 2019-08-09 4.9 MEDIUM 4.4 MEDIUM
cPanel before 62.0.17 allows arbitrary file-read operations via WHM /styled/ URLs (SEC-218).
CVE-2016-10802 1 Cpanel 1 Cpanel 2019-08-09 6.5 MEDIUM 8.8 HIGH
cPanel before 58.0.4 allows code execution in the context of other user accounts through the PHP CGI handler (SEC-142).
CVE-2018-20938 1 Cpanel 1 Cpanel 2019-08-09 4.0 MEDIUM 2.7 LOW
cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls (SEC-324).
CVE-2018-20890 1 Cpanel 1 Cpanel 2019-08-08 4.0 MEDIUM 4.3 MEDIUM
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
CVE-2015-7577 1 Rubyonrails 2 Rails, Ruby On Rails 2019-08-08 5.0 MEDIUM 5.3 MEDIUM
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.
CVE-2016-10852 1 Cpanel 1 Cpanel 2019-08-08 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.4 lacks ACL enforcement in the AppConfig subsystem (SEC-85).
CVE-2015-9291 1 Cpanel 1 Cpanel 2019-08-07 5.0 MEDIUM 7.5 HIGH
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221).
CVE-2016-10856 1 Cpanel 1 Cpanel 2019-08-06 4.0 MEDIUM 6.5 MEDIUM
cPanel before 11.54.0.0 allows subaccounts to discover sensitive data through comet feeds (SEC-29).
CVE-2017-18384 1 Cpanel 1 Cpanel 2019-08-06 2.1 LOW 3.8 LOW
cPanel before 68.0.15 allows jailed accounts to restore files that are outside of the jail (SEC-310).
CVE-2017-18385 1 Cpanel 1 Cpanel 2019-08-06 2.1 LOW 5.5 MEDIUM
cPanel before 68.0.15 allows unprivileged users to access restricted directories during account restores (SEC-311).