CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In August 2019

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1401 CVE-2018-20914 74 2019-08-01 2019-08-02
4.9
None Remote Medium ??? Partial Partial None
In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
1402 CVE-2018-20913 200 +Info 2019-08-01 2019-08-02
3.5
None Remote Medium ??? Partial None None
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
1403 CVE-2018-20912 20 Exec Code 2019-08-01 2019-08-02
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
1404 CVE-2018-20911 79 Exec Code XSS 2019-08-01 2019-08-02
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
1405 CVE-2018-20910 79 XSS 2019-08-01 2019-08-01
4.3
None Remote Medium Not required None Partial None
cPanel before 70.0.23 allows self XSS in the WHM cPAddons showsecurity Interface (SEC-357).
1406 CVE-2018-20909 732 2019-08-01 2020-08-24
3.6
None Local Low Not required Partial Partial None
cPanel before 70.0.23 allows arbitrary file-chmod operations during legacy incremental backups (SEC-338).
1407 CVE-2018-20908 732 2019-08-01 2020-08-24
2.1
None Local Low Not required Partial None None
cPanel before 71.9980.37 allows arbitrary file-read operations during pkgacct custom template handling (SEC-435).
1408 CVE-2018-20907 732 2019-08-01 2020-08-24
4.0
None Remote Low ??? None Partial None
cPanel before 71.9980.37 does not enforce the Mime::list_hotlinks API feature restriction (SEC-432).
1409 CVE-2018-20906 732 Bypass 2019-08-01 2020-08-24
4.0
None Remote Low ??? None Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the images feature restriction (SEC-430).
1410 CVE-2018-20905 732 Bypass 2019-08-01 2020-08-24
5.5
None Remote Low ??? Partial Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the backup feature restriction (SEC-429).
1411 CVE-2018-20904 732 Bypass 2019-08-01 2020-08-24
4.0
None Remote Low ??? None Partial None
cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).
1412 CVE-2018-20903 79 XSS 2019-08-01 2019-08-02
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows self XSS in the WHM Backup Configuration interface (SEC-421).
1413 CVE-2018-20902 200 +Info 2019-08-01 2019-08-02
2.1
None Local Low Not required Partial None None
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
1414 CVE-2018-20901 79 XSS 2019-08-01 2019-08-02
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows Remote-Stored XSS in WHM Save Theme Interface (SEC-400).
1415 CVE-2018-20900 79 XSS 2019-08-01 2019-08-06
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows stored XSS in the YUM autorepair functionality (SEC-399).
1416 CVE-2018-20899 79 XSS 2019-08-01 2019-08-08
4.3
None Remote Medium Not required None Partial None
cPanel before 71.9980.37 allows stored XSS in the WHM cPAddons installation interface (SEC-398).
1417 CVE-2018-20898 74 2019-08-01 2019-08-12
4.0
None Remote Low ??? None Partial None
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation (SEC-396).
1418 CVE-2018-20897 20 2019-08-01 2019-08-08
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395).
1419 CVE-2018-20896 94 2019-08-01 2019-08-07
3.3
None Local Medium Not required None Partial Partial
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).
1420 CVE-2018-20895 20 2019-08-01 2019-08-07
6.5
None Remote Low ??? Partial Partial Partial
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393).
1421 CVE-2018-20894 200 +Info 2019-08-01 2019-08-07
2.1
None Local Low Not required Partial None None
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
1422 CVE-2018-20893 20 2019-08-01 2019-08-06
2.1
None Local Low Not required None Partial None
cPanel before 74.0.0 allows file-rename operations during account renames (SEC-442).
1423 CVE-2018-20892 2019-08-01 2020-08-24
4.0
None Remote Low ??? None Partial None
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
1424 CVE-2018-20891 20 2019-08-01 2019-08-06
4.9
None Local Low Not required Complete None None
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436).
1425 CVE-2018-20890 284 2019-08-01 2019-08-08
4.0
None Remote Low ??? None Partial None
cPanel before 74.0.0 allows arbitrary zone file modifications during record edits (SEC-426).
1426 CVE-2018-20889 200 +Info 2019-08-01 2019-08-07
3.6
None Local Low Not required Partial Partial None
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
1427 CVE-2018-20888 287 2019-08-01 2019-08-07
4.9
None Local Low Not required None Complete None
cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424).
1428 CVE-2018-20887 89 Sql 2019-08-01 2019-08-01
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).
1429 CVE-2018-20886 922 2019-08-01 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
cPanel before 74.0.0 insecurely stores phpMyAdmin session files (SEC-418).
1430 CVE-2018-20885 74 2019-08-01 2019-08-01
5.0
None Remote Low Not required None Partial None
cPanel before 74.0.0 allows Apache HTTP Server configuration injection because of DocumentRoot variable interpolation (SEC-416).
1431 CVE-2018-20884 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.0 allows stored XSS in the WHM File Restoration interface (SEC-367).
1432 CVE-2018-20883 20 2019-08-01 2019-08-02
4.0
None Remote Low ??? None Partial None
cPanel before 74.0.8 allows FTP access during account suspension (SEC-449).
1433 CVE-2018-20882 20 2019-08-01 2019-08-08
6.6
None Local Medium Not required Partial Complete Complete
cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447).
1434 CVE-2018-20881 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self stored XSS on the Security Questions login page (SEC-446).
1435 CVE-2018-20880 2019-08-01 2020-08-24
2.1
None Local Low Not required None None Partial
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
1436 CVE-2018-20879 20 Exec Code 2019-08-01 2019-08-01
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
1437 CVE-2018-20878 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows stored XSS in WHM "File and Directory Restoration" interface (SEC-441).
1438 CVE-2018-20877 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in WHM Style Upload interface (SEC-437).
1439 CVE-2018-20876 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).
1440 CVE-2018-20875 79 XSS 2019-08-01 2019-08-01
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the WHM Security Questions interface (SEC-433).
1441 CVE-2018-20874 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 74.0.8 allows self XSS in the WHM "Create a New Account" interface (SEC-428).
1442 CVE-2018-20873 20 2019-08-01 2019-08-08
2.1
None Local Low Not required None None Partial
cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409).
1443 CVE-2018-20858 79 XSS 2019-08-09 2019-08-15
4.3
None Remote Medium Not required None Partial None
Recommender before 2018-07-18 allows XSS.
1444 CVE-2018-20827 79 XSS 2019-08-09 2019-08-13
3.5
None Remote Medium ??? None Partial None
The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter.
1445 CVE-2018-20826 285 2019-08-09 2019-10-09
4.0
None Remote Low ??? None Partial None
The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check.
1446 CVE-2018-19855 1236 2019-08-08 2020-08-24
4.3
None Remote Medium Not required None Partial None
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
1447 CVE-2018-19386 79 XSS 2019-08-14 2019-08-27
4.3
None Remote Medium Not required None Partial None
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
1448 CVE-2018-18668 79 XSS 2019-08-26 2019-08-29
4.3
None Remote Medium Not required None Partial None
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
1449 CVE-2018-18573 94 Exec Code 2019-08-22 2019-08-28
6.5
None Remote Low ??? Partial Partial Partial
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
1450 CVE-2018-18572 434 Exec Code 2019-08-22 2019-08-29
6.5
None Remote Low ??? Partial Partial Partial
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Because of this filter, script files with certain PHP-related extensions (such as .phtml and .php5) didn't execute in the application. But this filter didn't prevent the '.pht' extension. Thus, remote authenticated administrators can upload '.pht' files for arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
Total number of vulnerabilities: 2004 (page 29 of 41)