CVEdetails.com the ultimate security vulnerability data source

Cpanel : Security Vulnerabilities (Execute Code)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2020-26108 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).
2 CVE-2020-26098 Exec Code 2020-09-25 2020-09-29
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).
3 CVE-2020-10121 Exec Code 2020-03-17 2020-03-19
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-546).
4 CVE-2020-10120 863 Exec Code 2020-03-17 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545).
5 CVE-2020-10119 Exec Code 2020-03-17 2020-03-19
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544).
6 CVE-2020-10115 20 Exec Code 2020-03-17 2021-07-21
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537).
7 CVE-2019-14405 Exec Code 2019-07-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 78.0.18 allows demo accounts to execute code via securitypolicy.cg (SEC-487).
8 CVE-2019-14401 Exec Code 2019-07-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 78.0.18 allows code execution via an addforward API1 call (SEC-480).
9 CVE-2019-14398 Exec Code 2019-07-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 80.0.5 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-498).
10 CVE-2019-14393 Exec Code 2019-07-30 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
cPanel before 80.0.5 allows local code execution in the context of a different cPanel account because of insecure cpphp execution (SEC-486).
11 CVE-2019-14392 Exec Code 2019-07-30 2020-08-24
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 80.0.22 allows remote code execution by a demo account because of incorrect URI dispatching (SEC-501).
12 CVE-2018-20931 94 Exec Code 2019-08-01 2019-08-12
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405).
13 CVE-2018-20912 20 Exec Code 2019-08-01 2019-08-02
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362).
14 CVE-2018-20911 79 Exec Code XSS 2019-08-01 2019-08-02
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359).
15 CVE-2018-20879 20 Exec Code 2019-08-01 2019-08-01
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 74.0.8 allows demo accounts to execute arbitrary code via the Fileman::viewfile API (SEC-444).
16 CVE-2018-20869 20 Exec Code 2019-07-30 2019-07-31
7.2
None Local Low Not required Complete Complete Complete
cPanel before 76.0.8 allows arbitrary code execution in the context of the root account via dnssec adminbin (SEC-465).
17 CVE-2018-20863 20 Exec Code 2019-07-30 2019-07-31
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 76.0.8 allows remote attackers to execute arbitrary code via mailing-list attachments (SEC-452).
18 CVE-2017-18469 20 Exec Code 2019-08-05 2019-08-08
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 62.0.17 allows demo accounts to execute code via an NVData_fetchinc API call (SEC-233).
19 CVE-2017-18468 94 Exec Code 2019-08-05 2019-08-12
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 62.0.17 allows demo accounts to execute code via the Htaccess::setphppreference API (SEC-232).
20 CVE-2017-18463 20 Exec Code 2019-08-02 2019-08-06
7.2
None Local Low Not required Complete Complete Complete
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path (SEC-225).
21 CVE-2017-18460 20 Exec Code 2019-08-02 2019-08-07
7.2
None Local Low Not required Complete Complete Complete
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221).
22 CVE-2017-18459 20 Exec Code 2019-08-02 2019-08-07
7.2
None Local Low Not required Complete Complete Complete
cPanel before 62.0.17 allows arbitrary code execution during account modification (SEC-220).
23 CVE-2017-18452 20 Exec Code 2019-08-02 2019-08-14
4.6
None Local Low Not required Partial Partial Partial
cPanel before 64.0.21 allows code execution via Rails configuration files (SEC-259).
24 CVE-2017-18447 20 Exec Code 2019-08-02 2019-08-08
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via the ClamScanner_getsocket API (SEC-251).
25 CVE-2017-18444 20 Exec Code 2019-08-02 2019-08-08
5.0
None Remote Low Not required None Partial None
cPanel before 64.0.21 allows demo accounts to execute SSH API commands (SEC-248).
26 CVE-2017-18442 77 Exec Code 2019-08-02 2019-08-07
5.0
None Remote Low Not required None Partial None
cPanel before 64.0.21 allows demo accounts to execute Cpanel::SPFUI API commands (SEC-246).
27 CVE-2017-18439 20 Exec Code 2019-08-02 2019-08-09
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via an ImageManager_dimensions API call (SEC-243).
28 CVE-2017-18438 611 Exec Code 2019-08-02 2019-08-09
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).
29 CVE-2017-18437 74 Exec Code 2019-08-02 2019-08-09
3.6
None Local Low Not required Partial Partial None
cPanel before 64.0.21 allows a Webmail account to execute code via forwarders (SEC-240).
30 CVE-2017-18435 434 Exec Code 2019-08-02 2019-08-09
7.5
None Remote Low Not required Partial Partial Partial
cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).
31 CVE-2017-18434 20 Exec Code 2019-08-02 2019-08-09
7.2
None Local Low Not required Complete Complete Complete
cPanel before 64.0.21 allows code execution in the context of the root account via a SET_VHOST_LANG_PACKAGE multilang adminbin call (SEC-237).
32 CVE-2017-18433 20 Exec Code 2019-08-02 2019-08-09
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 64.0.21 allows code execution by webmail and demo accounts via a store_filter API call (SEC-236).
33 CVE-2017-18415 20 Exec Code 2019-08-02 2019-08-12
4.6
None Local Low Not required Partial Partial Partial
cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302).
34 CVE-2017-18403 284 Exec Code 2019-08-02 2019-08-13
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 68.0.15 allows code execution in the context of the nobody account via Mailman archives (SEC-337).
35 CVE-2017-18400 77 Exec Code 2019-08-02 2019-08-13
7.2
None Local Low Not required Complete Complete Complete
cPanel before 68.0.15 allows local root code execution via cpdavd (SEC-333).
36 CVE-2017-18390 275 Exec Code 2019-08-02 2019-08-08
7.2
None Local Low Not required Complete Complete Complete
cPanel before 68.0.15 allows code execution in the context of the root account because of weak permissions on incremental backups (SEC-322).
37 CVE-2017-18387 74 Exec Code 2019-08-02 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in a Reseller style upload (SEC-314).
38 CVE-2017-18386 74 Exec Code 2019-08-02 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 68.0.15 allows arbitrary code execution via Maketext injection in PostgresAdmin (SEC-313).
39 CVE-2017-5613 134 Exec Code 2017-03-03 2017-03-07
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
40 CVE-2016-10858 20 Exec Code 2019-08-01 2019-08-09
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).
41 CVE-2016-10855 20 Exec Code 2019-08-01 2019-08-06
10.0
None Remote Low Not required Complete Complete Complete
cPanel before 11.54.0.4 allows unauthenticated arbitrary code execution via cpsrvd (SEC-91).
42 CVE-2016-10850 20 Exec Code 2019-08-01 2019-08-06
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83).
43 CVE-2016-10843 77 Exec Code 2019-08-01 2019-08-08
5.5
None Remote Low ??? Partial Partial None
cPanel before 11.54.0.4 allows code execution in the context of shared users via JSON-API (SEC-76).
44 CVE-2016-10840 668 Exec Code 2019-08-01 2019-08-12
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).
45 CVE-2016-10837 426 Exec Code 2019-08-01 2019-08-08
8.5
None Remote Medium ??? Complete Complete Complete
cPanel before 11.54.0.4 allows arbitrary code execution because of an unsafe @INC path (SEC-46).
46 CVE-2016-10828 22 Exec Code Dir. Trav. 2019-08-01 2019-08-07
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution because of an unsafe @INC path (SEC-97).
47 CVE-2016-10824 20 Exec Code 2019-08-01 2019-08-07
9.3
None Remote Medium Not required Complete Complete Complete
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).
48 CVE-2016-10823 20 Exec Code 2019-08-01 2019-08-07
9.0
None Remote Low ??? Complete Complete Complete
cPanel before 55.9999.141 allows arbitrary code execution in the context of the root account because of MakeText interpolation (SEC-89).
49 CVE-2016-10816 20 Exec Code 2019-08-01 2019-08-06
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 57.9999.54 allows Webmail accounts to execute arbitrary code through forwarders (SEC-121).
50 CVE-2016-10805 20 Exec Code 2019-08-07 2019-08-09
6.5
None Remote Low ??? Partial Partial Partial
cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109).
Total number of vulnerabilities: 63 (page 1 of 2)