· 6 years ago · Mar 21, 2020, 08:12 AM
PORT STATE SERVICE REASON VERSION
22079/tcp open http syn-ack ttl 51 cPanel httpd (unauthorized)
| vulscan: VulDB - https://vuldb.com:
| [139613] cPanel up to 57.9999.53 TTY enablefileprotect unknown vulnerability
| [139612] cPanel up to 57.9999.53 TTY /scripts/unsuspendacct unknown vulnerability
| [139611] cPanel up to 57.9999.53 TTY maildir_converter unknown vulnerability
| [139610] cPanel up to 57.9999.53 TTY /scripts/checkinfopages unknown vulnerability
| [139609] cPanel up to 57.9999.53 TTY /scripts/addpop unknown vulnerability
| [139608] cPanel up to 57.9999.53 /scripts/killpvhost denial of service
| [139607] cPanel up to 57.9999.53 Paper Lantern Landing Page cross site scripting
| [139606] cPanel up to 57.9999.53 ajax_maketext_syntax_util.pl Code Execution
| [139605] cPanel up to 57.9999.53 SQLite Journal directory traversal
| [139604] cPanel up to 57.9999.104 LOC Record Newline Injection privilege escalation
| [139603] cPanel up to 58.0.4 PHP CGI Code Execution
| [139602] cPanel up to 58.0.3 Session unknown vulnerability
| [139601] cPanel up to 58.0.3 BoxTrapper API API Call privilege escalation
| [139599] cPanel before up to 58.0.3 unknown vulnerability
| [139551] cPanel up to 58.0.3 Purchase and Install an SSL Certificate Page Domain information disclosure
| [139549] cPanel up to 59.9999.144 tail_upcp2.cgi cross site scripting
| [139548] cPanel up to 59.9999.144 Multipart Message File privilege escalation
| [139547] cPanel up to 59.9999.144 Script Code Execution
| [139546] cPanel up to 59.9999.144 Mailman List Archive Code Execution
| [139545] cPanel up to 60.0.14 Password Policy denial of service
| [139544] cPanel up to 60.0.24 HTTP POST weak encryption
| [139543] cPanel up to 60.0.24 Error Response Code Execution
| [139542] cPanel up to 60.0.24 Maketext Code Execution
| [139541] cPanel up to 60.0.24 Access Control privilege escalation
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139539] cPanel up to 60.0.24 File Copy information disclosure
| [139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
| [139537] cPanel up to 60.0.24 SSL_listkeys Stored cross site scripting
| [139536] cPanel up to 60.0.24 postgres API1 listdbs Stored cross site scripting
| [139535] cPanel up to 60.0.24 UI_confirm API cross site scripting
| [139534] cPanel up to 60.0.24 ftp_sessions API Stored cross site scripting
| [139533] cPanel up to 60.0.24 api1_listautoresponders Stored cross site scripting
| [139532] cPanel up to 60.0.24 listftpstable API Stored cross site scripting
| [139531] cPanel up to 60.0.24 WHM Tweak Settings for autodiscover_host cross site scripting
| [139530] cPanel up to 60.0.24 WHM Account Termination Stored cross site scripting
| [139495] cPanel up to 62.0.3 WHM API privilege escalation
| [139494] cPanel up to 62.0.3 Account Suspension Stored cross site scripting
| [139493] cPanel up to 62.0.3 WHM API API Call privilege escalation
| [139492] cPanel up to 62.0.3 WHM SSL certificate Generation Email privilege escalation
| [139491] cPanel up to 62.0.3 XML-API ACL privilege escalation
| [139490] cPanel up to 62.0.3 Exim privilege escalation
| [139489] cPanel up to 62.0.3 Leech Protect privilege escalation
| [139488] cPanel up to 62.0.3 Exim privilege escalation
| [139487] cPanel up to 62.0.3 Exim directory traversal
| [139486] cPanel up to 62.0.3 WebMail cross site scripting
| [139485] cPanel up to 62.0.3 Password Reset Reflected cross site scripting
| [139484] cPanel up to 62.0.3 Password Change cross site scripting
| [139483] cPanel up to 62.0.3 Test Account Default Credentials weak authentication
| [139482] cPanel up to 62.0.16 API API Call Code Execution
| [139481] cPanel up to 62.0.16 API setphppreference Code Execution
| [139480] cPanel up to 62.0.16 URL Filter privilege escalation
| [139479] cPanel up to 62.0.16 Domain privilege escalation
| [139477] cPanel up to 62.0.16 WHM Zone Template Editor privilege escalation
| [139476] cPanel up to 62.0.16 IP Protection Bypass privilege escalation
| [139475] cPanel up to 60.0.24 reassign_post_terminate_cruft privilege escalation
| [139474] cPanel up to 60.0.24 tail_ea4_migration.cgi cross site scripting
| [139473] cPanel up to 60.0.24 Message Format String
| [139471] cPanel up to 60.0.24 ModSecurity Audit Logfile privilege escalation
| [139470] cPanel up to 60.0.24 RoundCube Update privilege escalation
| [139469] cPanel up to 60.0.24 FormMail-clone.cgi Open Redirect
| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
| [139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
| [139361] cPanel up to 62.0.16 Security Policy privilege escalation
| [139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
| [139355] cPanel up to 62.0.16 Addon Domain Conversion privilege escalation
| [139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
| [139353] cPanel up to 64.0.20 Account Rename privilege escalation
| [139351] cPanel up to 64.0.20 crontab Timing information disclosure
| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
| [139348] cPanel up to 64.0.20 Serverinfo_manpage API API Call directory traversal
| [139347] cPanel up to 64.0.20 ClamScanner_getsocket API Code Execution
| [139346] cPanel up to 64.0.20 SourceIPCheck API directory traversal
| [139345] cPanel up to 64.0.20 SSL API API Call privilege escalation
| [139344] cPanel up to 64.0.20 SSH API Command privilege escalation
| [139343] cPanel up to 64.0.20 SSH Port Forwarding privilege escalation
| [139342] cPanel up to 64.0.20 API Cpanel::SPFUI privilege escalation
| [139341] cPanel up to 64.0.20 Demo Account Open Redirect
| [139340] cPanel up to 64.0.20 traceroute privilege escalation
| [139339] cPanel up to 64.0.20 ImageManager API Call Code Execution
| [139338] cPanel up to 64.0.20 Encoding API Call Code Execution
| [139336] cPanel up to 64.0.20 API Call Fileman::getfileactions directory traversal
| [139335] cPanel up to 64.0.20 BoxTrapper API Code Execution
| [139333] cPanel up to 64.0.20 Filter API API Call Code Execution
| [139331] cPanel up to 66.0.0 Suspend privilege escalation
| [139326] cPanel up to 66.0.1 Log File information disclosure
| [139320] cPanel up to 66.0.1 WHM cPAddons Processing Stored cross site scripting
| [139319] cPanel up to 66.0.1 WHM cPAddons Uninstallation Stored cross site scripting
| [139318] cPanel up to 66.0.1 WHM cPAddons file Operation Stored cross site scripting
| [139317] cPanel up to 66.0.1 WHM cPAddons Installation Stored cross site scripting
| [139316] cPanel up to 67.9999.102 Roundcube SQLite Schema Update directory traversal
| [139314] cPanel up to 67.9999.102 redirect.html Open Redirect
| [139311] cPanel up to 67.9999.102 Addon Domain Conversion privilege escalation
| [139310] cPanel up to 67.9999.102 Backup Archive information disclosure
| [139309] cPanel up to 67.9999.102 Backup Interface Archive information disclosure
| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
| [139307] cPanel up to 67.9999.102 Support-Agreement Download weak authentication
| [139306] cPanel up to 67.9999.102 eximstats sql injection
| [139304] cPanel up to 68.0.14 Domain denial of service
| [139303] cPanel up to 68.0.14 Mailman Archive Code Execution
| [139302] cPanel up to 68.0.14 cpaddons Stored cross site scripting
| [139301] cPanel up to 68.0.14 Username unknown vulnerability
| [139299] cPanel up to 68.0.14 sqloptimizer information disclosure
| [139298] cPanel up to 68.0.14 Hostname privilege escalation
| [139295] cPanel up to 68.0.14 SSL Username privilege escalation
| [139294] cPanel up to 68.0.14 Username privilege escalation
| [139293] cPanel up to 68.0.14 Email Username privilege escalation
| [139292] cPanel up to 68.0.14 PostgreSQL Database Collision privilege escalation
| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
| [139287] cPanel up to 68.0.14 Reseller Style Upload Code Execution
| [139286] cPanel up to 68.0.14 PostgresAdmin Code Execution
| [139282] cPanel up to 68.0.14 DNS Zone SOA Record privilege escalation
| [139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139258] cPanel up to 68.0.26 WHM Spamd Startup Config cross site scripting
| [139257] cPanel up to 68.0.26 WHM Account Transfer Stored cross site scripting
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139255] cPanel up to 68.0.26 Backup cross site scripting
| [139252] cPanel up to 68.0.26 bin/csvprocess privilege escalation
| [139245] cPanel up to 68.0.26 WHM API API Call privilege escalation
| [139244] cPanel up to 68.0.26 Rename User Name information disclosure
| [139242] cPanel up to 70.0.22 WHM Reset a DNS Zone Stored cross site scripting
| [139241] cPanel up to 70.0.22 Account Suspension privilege escalation
| [139240] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139238] cPanel up to 70.0.22 Landing Page Code Execution
| [139237] cPanel up to 70.0.22 Htaccess Optimization Bypass privilege escalation
| [139236] cPanel up to 70.0.22 redirect.html Open Redirect
| [139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
| [139231] cPanel up to 70.0.22 WHM Style Upload privilege escalation
| [139230] cPanel up to 70.0.22 WHM Synchronize DNS Record Stored cross site scripting
| [139229] cPanel up to 70.0.22 WHM DNS Cleanup Stored cross site scripting
| [139228] cPanel up to 70.0.22 WHM Delete a DNS Zone Stored cross site scripting
| [139227] cPanel up to 70.0.22 HM Edit DNS Zone Stored cross site scripting
| [139226] cPanel up to 70.0.22 WHM Create Account Stored cross site scripting
| [139225] cPanel up to 70.0.22 WHM DNS Cluster Stored cross site scripting
| [139223] cPanel up to 70.0.22 WHM Edit MX Entry Stored cross site scripting
| [139222] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
| [139221] cPanel up to 70.0.22 OpenID Injection privilege escalation
| [139220] cPanel up to 70.0.22 trustclustermaster.cgi information disclosure
| [139219] cPanel up to 70.0.22 awstats Code Execution
| [139218] cPanel up to 70.0.22 cpaddonsup Code Execution
| [139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
| [139214] cPanel up to 71.9980.36 API Mime::list_hotlinks privilege escalation
| [139213] cPanel up to 71.9980.36 Image Feature API Call privilege escalation
| [139212] cPanel up to 71.9980.36 Backup API Call privilege escalation
| [139211] cPanel up to 71.9980.36 cron API Call privilege escalation
| [139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
| [139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
| [139207] cPanel up to 71.9980.36 YUM Autorepair Stored cross site scripting
| [139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
| [139205] cPanel up to 71.9980.36 cPAddons Moderation Injection privilege escalation
| [139202] cPanel up to 71.9980.36 API Token ACL unknown vulnerability
| [139199] cPanel up to 73.x CAA Record privilege escalation
| [139197] cPanel up to 73.x Record privilege escalation
| [139194] cPanel up to 73.x Database Backup sql injection
| [139190] cPanel up to 11.53.x WHM API Zone privilege escalation
| [139189] cPanel up to 11.53.x Webmail API Password Reset privilege escalation
| [139188] cPanel up to 11.53.x DNS NS Entry Code Execution
| [139187] cPanel up to 11.53.x Email Sending privilege escalation
| [139186] cPanel up to 11.53.x Comet Feed information disclosure
| [139185] cPanel up to 11.54.0.3 cpsrvd Code Execution
| [139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
| [139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
| [139182] cPanel up to 11.54.0.3 AppConfig Subsystem ACL privilege escalation
| [139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
| [139180] cPanel up to 11.54.0.3 synccpaddonswithsqlhost Code Execution
| [139179] cPanel up to 11.54.0.3 scripts/secureit privilege escalation
| [139178] cPanel up to 11.54.0.3 scripts/quotacheck directory traversal
| [139177] cPanel up to 11.54.0.3 scripts/fixmailboxpath directory traversal
| [139176] cPanel up to 11.54.0.3 Roundcube Database Conversion privilege escalation
| [139175] cPanel up to 11.54.0.3 check_system_storable directory traversal
| [139174] cPanel up to 11.54.0.3 chcpass Password information disclosure
| [139173] cPanel up to 11.54.0.3 JSON-API Code Execution
| [139172] cPanel up to 11.54.0.3 setup_global_spam_filter.pl directory traversal
| [139171] cPanel up to 11.54.0.3 bin/mkvhostspasswd information disclosure
| [139170] cPanel up to 11.54.0.3 Duplication Code Execution
| [139169] cPanel up to 11.54.0.3 horde_update_usernames sql injection
| [139168] cPanel up to 11.54.0.3 bin/fmq directory traversal
| [139167] cPanel up to 11.54.0.3 @INC Path Code Execution
| [139166] cPanel up to 55.9999.140 Authentication directory traversal
| [139165] cPanel up to 55.9999.140 cPHulkd privilege escalation
| [139164] cPanel up to 55.9999.140 FTP Lockout privilege escalation
| [139163] cPanel up to 55.9999.140 cPHulkd privilege escalation
| [139162] cPanel up to 55.9999.140 FTP cPHulk privilege escalation
| [139161] cPanel up to 55.9999.140 Two-factor Authentication weak authentication
| [139160] cPanel up to 55.9999.140 ACL Bypass privilege escalation
| [139158] cPanel up to 55.9999.140 @INC Path Code Execution
| [139157] cPanel up to 55.9999.140 WHM Edit System Mail Preferences Stored cross site scripting
| [139156] cPanel up to 55.9999.140 Two Factor Authentication DNS Clustering Request Bypass weak authentication
| [139155] cPanel up to 55.9999.140 Security Policy Bypass privilege escalation
| [139154] cPanel up to 55.9999.140 DNS NS Entry Code Execution
| [139153] cPanel up to 55.9999.140 Maketext Code Execution
| [139152] cPanel up to 55.9999.140 X3 Reseller Branding Image cross site scripting
| [139151] cPanel up to 55.9999.140 Scripts/addpop information disclosure
| [139150] cPanel up to 55.9999.140 Daemons privilege escalation
| [139149] cPanel up to 57.9999.53 cpanellogd information disclosure
| [139148] cPanel up to 57.9999.53 File Permission Log privilege escalation
| [139147] cPanel up to 57.9999.53 ModSecurity TailWatch Log File sql injection
| [139146] cPanel up to 57.9999.53 WebMail Code Execution
| [139145] cPanel up to 57.9999.53 WebMail directory traversal
| [139144] cPanel up to 57.9999.53 Demo Mode show_template.stor privilege escalation
| [139143] cPanel up to 57.9999.53 FTP Account cross site scripting
| [139142] cPanel up to 11.52.0.12 get_information_for_applications directory traversal
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
| [139128] cPanel up to 74.0.7 Account Suspension privilege escalation
| [139126] cPanel up to 74.0.7 Security Questions Login Page Stored cross site scripting
| [139124] cPanel up to 74.0.7 Demo Account Fileman::viewfile Code Execution
| [139123] cPanel up to 74.0.7 File and Directory Restoration Stored cross site scripting
| [139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
| [139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
| [139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
| [139119] cPanel up to 74.0.7 Create a New Account cross site scripting
| [139021] cPanel up to 78.0.1 Connection Reset File privilege escalation
| [139019] cPanel up to 78.0.1 DCV API privilege escalation
| [139016] cPanel up to 78.0.1 Demo Account privilege escalation
| [139015] cPanel up to 78.0.1 OpenID information disclosure
| [139014] cPanel up to 78.0.17 BoxTrapper Queue Listing Stored cross site scripting
| [139013] cPanel up to 78.0.17 securitypolicy.cg Code Execution
| [139011] cPanel up to 78.0.17 Mail Relay Spam privilege escalation
| [139009] cPanel up to 78.0.17 API Code Execution
| [139006] cPanel up to 80.0.4 ajax_maketext_syntax_util.pl Code Execution
| [139005] cPanel up to 80.0.4 API privilege escalation
| [139000] cPanel up to 80.0.21 Demo Account Code Execution
| [138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
| [138996] cPanel up to 82.0.1 Exim Log Parser privilege escalation
| [138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
| [138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
| [138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
| [138973] cPanel up to 76.0.7 Connection Open Redirect
| [138972] cPanel up to 76.0.7 DNS Zone Stored cross site scripting
| [138971] cPanel up to 76.0.7 Backup cross site scripting
| [138970] cPanel up to 76.0.7 Virtual FTP Server privilege escalation
| [138969] cPanel up to 76.0.7 Attachment Code Execution
| [123444] cPanel up to 74 HTML Rendering index.html cross site scripting
| [114155] Afian FileRun ?module=users&section=cpanel&page=list Parameter sql injection
| [103771] cPanel up to 66.0.1 WHM Upload Locale Interface Filename cross site scripting
| [95199] cPanel entropysearch.cgi information disclosure
| [95198] cPanel entropysearch.cgi information disclosure
| [75240] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
| [75239] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
| [13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
| [13379] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Locales ACL privilege escalation
| [13378] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Mailman List Password change_pw weak encryption
| [13377] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Configure Customer Contact privilege escalation
| [13376] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering ACL privilege escalation
| [13375] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering Commands privilege escalation
| [13370] cPanel 11.40.1.13/11.42.1.15 Database ADDDBPRIVS Command privilege escalation
| [13369] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Boxtrapper cgi-sys Script bxd.cgi denial of service
| [13368] cPanel 11.40.1.13/11.42.1.15 Transfer CGI Scripts privilege escalation
| [13367] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call serviceinfo privilege escalation
| [13366] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call /scripts2/showservice privilege escalation
| [13365] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 SSH Key Password privilege escalation
| [13363] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 cgiemail 1.6 privilege escalation
| [13361] cPanel up to 11.43.0.11/11.42.1.15/11.40.1.13 unknown vulnerability
| [12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
| [12814] cPanel 11.38.2/11.40.1/11.42.0 URL cross site scripting
| [12813] cPanel 11.38.2/11.40.1/11.42.0 Password Reset privilege escalation
| [12809] cPanel 11.38.2/11.40.1/11.42.0 Form Mailer Header FormMail.pl privilege escalation
| [12808] cPanel 11.38.2/11.40.1/11.42.0 XML-API batch memory corruption
| [12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
| [12806] cPanel 11.38.2/11.40.1/11.42.0 objcache Storage System Template Toolkit memory corruption
| [12805] cPanel 11.38.2/11.40.1/11.42.0 XML information disclosure
| [12798] cPanel 11.38.2/11.40.1/11.42.0 /cgi/cpaddons_report.pl cross site scripting
| [12797] cPanel 11.38.2/11.40.1/11.42.0 DNS Zone Editor information disclosure
| [12796] cPanel WHM 11.38.2/11.40.1/11.42.0 /cgi/sshcheck.cgi cross site scripting
| [12795] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/installfp cross site scripting
| [12794] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/uninstallfp cross site scripting
| [12793] cPanel 11.38.2/11.40.1/11.42.0 entropysearch.cgi cross site scripting
| [12792] cPanel 11.38.2/11.40.1/11.42.0 activate_remote_nameservers.cgi maketext privilege escalation
| [12285] cPanel 11.38.2/11.40.1/11.42.0 filelist-thumbs.html cross site scripting
| [12284] cPanel 11.38.2/11.40.1/11.42.0 editit.html cross site scripting
| [12283] cPanel 11.38.2/11.40.1/11.42.0 def.html cross site scripting
| [12282] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 DNS Cluster privilege escalation
| [12281] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 New Account wwwacctform locale/cpmod Parameter privilege escalation
| [12280] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/cpaddons_feature.pl cross site scripting
| [12279] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Account Creation Ruby Code privilege escalation
| [12278] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Backup Restore privilege escalation
| [12277] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Bypass privilege escalation
| [12276] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/zoneeditor.cgi Newline privilege escalation
| [12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
| [12274] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API get_remote_access_hash information disclosure
| [12273] cPanel 11.36.2.9/11.38.2.12 Account Creation directory traversal
| [12220] cPanel 11.36.2.10/11.38.2.13/11.40.0.29/11.40.1.3 WHM XML/JSON API getpkginfo information disclosure
| [11601] cPanel WHM 11.36.2.11/11.38.2.14/11.40.0.30/11.40.1.6 XML/JSON getpkginfo information disclosure
| [11625] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Login Security Token information disclosure
| [11624] cPanel WHM 11.38.2.12 Branding Subsystem privilege escalation
| [11621] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cPAddons Upgrade Password information disclosure
| [11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface Entry information disclosure
| [11619] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 SSH Authentication User Name privilege escalation
| [11618] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 X3 Theme countedit.cgi directory traversal
| [11616] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cpsrvd HTTP Request Bypass privilege escalation
| [11613] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Bandmin Reflected cross site scripting
| [11612] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 API Call UI::dynamicincludelist directory traversal
| [11609] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Config cross site request forgery
| [11608] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Translatable Phrase Locale::Maketext privilege escalation
| [11607] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 CSRF Protection Token Bypass cross site request forgery
| [11606] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cross site scripting
| [11604] cPanel WHM 11.36.2.9 Virtualhost Installation privilege escalation
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [11017] cPanel WHM up to 11.40.0.11 SSL Certificate denial of service
| [11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface Bypass privilege escalation
| [11015] cPanel WHM up to 11.40.0.11 Bypass cross site scripting
| [11014] cPanel WHM up to 11.40.0.11 File Upload Bypass privilege escalation
| [11013] cPanel WHM up to 11.40.0.11 POST Request privilege escalation
| [11011] cPanel WHM up to 11.40.0.11 Cpanel::LogMeIn weak authentication
| [11010] cPanel WHM up to 11.40.0.11 logaholic_lang Cookie privilege escalation
| [11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
| [9921] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 SSL Certificate privilege escalation
| [9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
| [9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
| [10129] cPanel WHM up to 11.38.0.14 cross site scripting
| [10126] cPanel WHM up to 11.38.0.14 weak authentication
| [9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
| [9352] cPanel WHM up to 11.38.0.8 Restore Full Backup Symlink unknown vulnerability
| [9348] cPanel WHM up to 11.36.1.5 scripts2/ssh_doaddkey unknown vulnerability
| [10123] cPanel WHM up to 11.36.0.9 Access Control privilege escalation
| [10122] cPanel WHM up to 11.36.0.9 countedit.cgi cross site scripting
| [91109] cPanel WHM v11.24.7.x cross site scripting
| [52940] cPanel up to 11.24.7 cross site scripting
| [86883] cPanel fileop.html cross site scripting
| [48827] cPanel up to 11.23.1 Current index.php directory traversal
| [48812] cPanel directory traversal
| [49331] cPanel autoinstall4imagesgalleryupgrade.php cross site scripting
| [42542] cPanel 11.8.6/11.23.1 memory corruption
| [42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
| [42302] cPanel up to 11.22.2 WHM Interface cross site scripting
| [42219] cPanel 11.18.3/11.19.3 cross site request forgery
| [41689] cPanel 11.18.3/11.21 cross site scripting
| [49762] cPanel 11.18.3 index.html directory traversal
| [40642] cPanel 11.16 dohtaccess.html cross site scripting
| [38023] cPanel 10.9.1 changepro.html cross site scripting
| [37433] cPanel 10.9.0 Build 10300/11.4.19 Error Message information disclosure
| [37432] cPanel 10.9.0 Build 10300/11.4.19 CGI Wrapper cross site scripting
| [35618] cPanel 10.x directory traversal
| [34925] cPanel WebHost Manager memory corruption
| [34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
| [85585] cPanel scripts2/objcache memory corruption
| [85156] cPanel WebHost Manager scripts2/objcache privilege escalation
| [30642] cPanel privilege escalation
| [33838] cPanel WebHost Manager 3.1.0 cross site scripting
| [33814] cPanel 11 cross site scripting
| [33536] cPanel WebHost Manager 3.1.0 cross site scripting
| [84843] cPanel newuser.html cross site scripting
| [33243] cPanel 10 seldir.html cross site scripting
| [32973] cPanel 10.9.0 R50 cross site scripting
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
| [CVE-2009-3316] SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
| [CVE-2009-2275] Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
| [CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
| [CVE-2009-2167] Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
| [CVE-2008-7142] Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
| [CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
| [CVE-2008-6926] Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
| [CVE-2008-6843] Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
| [CVE-2008-4181] Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
| [CVE-2008-2478] ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
| [CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
| [CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
| [CVE-2008-2043] Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
| [CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
| [CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
| [CVE-2007-3367] Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown
| [CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown
| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
| [CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
375| [CVE-2006-6566] PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
376| [CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
377| [CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
378| [CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
379| [CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
380| [CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
381| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
382| [CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
383| [CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
384| [CVE-2006-2825] cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
385| [CVE-2006-1119] fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
386| [CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
387| [CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
388| [CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
389| [CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
390| [CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
391| [CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
392| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
393| [CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
394| [CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
395| [CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
396| [CVE-2004-1770] The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
397| [CVE-2004-1769] The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
398| [CVE-2004-1604] cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
399| [CVE-2004-1603] cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
400| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
401| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
402| [CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
403| [CVE-2003-1425] guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
404| [CVE-2003-0521] Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
405|
406| SecurityFocus - https://www.securityfocus.com/bid/:
407| [95395] cPanel Multiple Security Vulnerabilities
408| [90463] cPanel CVE-2004-1604 Remote Security Vulnerability
409| [85002] cPanel CVE-2008-2043 Cross-Site Request Forgery Vulnerability
410| [84099] cPanel CVE-2006-0573 Cross-Site Scripting Vulnerability
411| [84076] cPanel CVE-2006-0533 Cross-Site Scripting Vulnerability
412| [84074] cPanel CVE-2006-0574 Cross-Site Scripting Vulnerability
413| [84064] cPanel CVE-2006-0763 Cross-Site Scripting Vulnerability
414| [82752] cPanel CVE-2003-0521 Cross-Site Scripting Vulnerability
415| [80161] cPanel CVE-2006-2825 Remote Security Vulnerability
416| [67611] cPanel Multiple Unspecified Security Vulnerabilities
417| [66561] cPanel Multiple Security Vulnerabilities
418| [65618] cPanel Horde Backup Archive Insecure File Permissions Vulnerability
419| [65464] cPanel Multiple Security Vulnerabilities
420| [65159] Cpanel CloudFlare Plugin Local Security Bypass Vulnerability
421| [64511] cPanel WHM XML and JSON APIs Multiple Arbitrary File Disclosure Vulnerabilities
422| [64472] cPanel Multiple Security Vulnerabilities
423| [64016] cPanel Varnish Plugin Multiple Security Vulnerabilities
424| [63831] Add-On Domain to Main Account Convertor cPanel WHM Plugin Arbitrary Command Execution Vulnerability
425| [63829] Add-On Domain to Main Account Convertor cPanel WHM Plugin Local Privilege Escalation Vulnerability
426| [63371] cPanel Multiple Security Vulnerabilities
427| [63220] CloudFlare Plugin For cPanel Arbitrary File Write Local Privilege Escalation Vulnerability
428| [62140] cPanel Multiple Security Vulnerabilities
429| [61812] cPanel Multiple Remote Security Vulnerabilities
430| [61018] cPanel 'cpanellogd' Multiple Remote Privilege Escalation Vulnerabilities
431| [60672] WHMXtra Cpanel Xtra Plugin Unspecified Local Security Bypass Vulnerability
432| [60663] cPanel Varnish Plugin Remote Privilege Escalation Vulnerability
433| [57064] cPanel 'dir' Parameter Cross Site Scripting Vulnerability
434| [57060] cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
435| [57045] cPanel 'account' Parameter Cross Site Scripting Vulnerability
436| [56818] cPanel Multiple Unspecified Vulnerabilities
437| [53757] cPanel Multiple Unspecified Vulnerabilities
438| [47621] cPanel X3 File Manager Module Cross-Site Scripting Vulnerability
439| [41723] cPanel Unspecified Cross Site Scripting Vulnerability
440| [41391] cPanel Cross-Site Request Forgery Vulnerability
441| [40622] cPanel Image Manager 'target' Parameter Local File Include Vulnerability
442| [37902] cPanel and WHM 'failurl' Parameter HTTP Response Splitting Vulnerability
443| [37394] cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
444| [35518] cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
445| [34142] cPanel Legacy File Manager File Name HTML Injection Vulnerability
446| [33840] cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
447| [29277] cPanel 'wwwact' Remote Privilege Escalation Vulnerability
448| [29125] cPanel Multiple Cross-Site Scripting Vulnerabilities
449| [28403] cPanel 'manpage.html' Cross-Site Scripting Vulnerability
450| [28300] cPanel List Directories and Folders Information Disclosure Vulnerability
451| [27308] cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
452| [25047] CPanel Resname Parameter Cross-Site Scripting Vulnerability
453| [24586] CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities
454| [22915] cPanel Multiple Local File Include Vulnerabilities
455| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
456| [22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
457| [21497] CPanel BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
458| [21387] CPanel Multiple HTML Injection Vulnerabilities
459| [21287] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
460| [21142] CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
461| [21027] CPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
462| [20683] CPanel Multiple Cross-Site Scripting Vulnerabilities
463| [20163] CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
464| [19624] CPanel Multiple Cross-Site Scripting Vulnerabilities
465| [18671] cPanel OnMouseover Cross-Site Scripting Vulnerability
466| [18655] Cpanel Select.HTML Cross-Site Scripting Vulnerability
467| [16482] cPanel Multiple Cross-Site Scripting Vulnerabilities
468| [15327] cPanel Chat Message Field HTML Injection Vulnerability
469| [13996] cPanel User Parameter Cross-Site Scripting Vulnerability
470| [11456] cPanel Front Page Extension Installation Information Disclosure Vulnerability
471| [11455] cPanel Front Page Extension Installation File Ownership Vulnerability
472| [11449] cPanel Remote Backup Information Disclosure Vulnerability
473| [10505] cPanel Passwd Remote SQL Injection Vulnerability
474| [10479] Multiple CPanel Perl Script Failure To Implement Taint Mode Weakness
475| [10468] cPanel Killacct Script Customer Account DNS Information Deletion Vulnerability
476| [10407] cPanel Local Privilege Escalation Vulnerability
477| [10002] cPanel Multiple Module Cross-Site Scripting Vulnerabilities
478| [9965] CPanel Multiple Cross-Site Scripting Vulnerabilities
479| [9855] cPanel Login Script Remote Command Execution Vulnerability
480| [9853] cPanel dir Parameter Cross-Site Scripting Vulnerability
481| [9848] cPanel Resetpass Remote Command Execution Vulnerability
482| [8119] CPanel Admin Interface HTML Injection Vulnerability
483| [7758] cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
484| [6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
485| [6882] cPanel Guestbook.cgi Remote Command Execution Vulnerability
486|
487| IBM X-Force - https://exchange.xforce.ibmcloud.com:
488| [85491] cPanel cpanellogd multiple privilege escalation
489| [85114] Cpanel Xtra plugin for WHMXtra unspecified security bypass
490| [80880] cPanel dir.html dir parameter cross-site scripting
491| [80854] cPanel and WHM clientconf.html and detailbw.html cross-site scripting
492| [80822] cPanel manage.html cross-site scripting
493| [80514] cPanel multiple unspecified vulns
494| [79604] cPanel Pro multiple cross-site request forgery
495| [76017] cPanel multiple unspecified
496| [71957] Whois.Cart Billing cpanel_2_log.htm information disclosure
497| [67678] cPanel savefile.html cross-site request forgery
498| [67175] cPanel X3 File Manager index.html cross-site scripting
499| [63399] cPanel saveemail.html cross-site request forgery
500| [61515] cPanel autoinstallhome.php security bypass
501| [60429] cPanel unspecified cross-site scripting
502| [60035] cPanel doaddftp.html cross-site request forgery
503| [59275] Jreservation Component for Joomla! Property-Cpanel.html cross-site scripting
504| [59274] Jreservation Component for Joomla! Property-Cpanel.html SQL Injection
505| [59216] cPanel Image Manager target parameter file include
506| [56437] cPanel addb.html cross-site request forgery
507| [55814] cPanel failurl HTTP response splitting
508| [55211] Whois.Cart cpanel_1_log.htm infomation disclosure
509| [51426] cPanel lastvisit.html directory traversal
510| [51412] Whois.Cart cpanel_1_log.htm information disclosure
511| [51366] EgyPlus 7ml cpanel/login.php authentication bypass
512| [49293] cPanel file manager cross-site scripting
513| [48832] cPanel WHM interface cross-site request forgery
514| [48831] cPanel scripts2/confdkillproc cross-site scripting
515| [48830] cPanel .contactemail file cross-site scripting
516| [46991] cPanel index.php directory traversal
517| [46253] cPanel autoinstall4imagesgalleryupgrade.php cross-site scripting
518| [46252] cPanel autoinstall4imagesgalleryupgrade.php file include
519| [45147] Fantastico De Luxe module for cPanel xml.php file include
520| [42529] cPanel wwwact privilege escalation
521| [42306] cPanel WHM interface cross-site request forgery
522| [42305] cPanel WHM interface cross-site scripting
523| [42114] cPanel HTTP requests cross-site request forgery
524| [41374] cPanel manpage.html cross-site scripting
525| [41266] cPanel index.php showtree parameter information disclosure
526| [39711] cPanel Hosting Manager dohtaccess.html cross-site scripting
527| [35652] cPanel changepro.html cross-site scripting
528| [35009] cPanel scgiwrap (Simple CGI Wrapper) path disclosure
529| [35008] cPanel scgiwrap (Simple CGI Wrapper) cross-site scripting
530| [32933] cPanel load_language.php and mysqlconfig.php file include
531| [32462] cPanel passwdmysql cross-site scripting
532| [32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
533| [30821] mxBB Cpanel Profile Module profilcp_constants.php file include
534| [30793] cPanel pops.html cross-site scripting
535| [30788] cPanel BoxTrapper manage.html cross-site scripting
536| [30493] cPanel multiple scripts cross-site scripting
537| [30413] cPanel Network Tools dnslook.html cross-site scripting
538| [30229] cPanel user parameter cross-site scripting
539| [29808] cPanel theme parameter cross-site scripting
540| [29249] cPanel unspecified privilege escalation
541| [28447] cPanel dohtaccess.html, editit.html and showfile.html cross-site scripting
542| [27403] cPanel files/select.html cross-site scripting
543| [26613] cPanel OpenBaseDir phpshell.php security bypass
544| [25277] cPanel fantastico path disclosure
545| [24839] cPanel dowebmailforward.cgi cross-site scripting
546| [24580] cPanel admin username disclosure
547| [24468] cPanel multiple scripts allow cross-site scripting
548| [22993] cPanel Entropy Chat script can allow cross-site scripting
549| [21781] cPanel administrator password allows domain access
550| [21084] cPanel cpsrvd.pl cross-site scripting
551| [17837] cPanel allows attacker to brute force account passwords
552| [17781] cPanel _private modify permissions
553| [17780] cPanel .htaccess modify ownership of files
554| [17779] cPanel backup could allow an attacker to view files
555| [16410] cPanel passwd allows password modification
556| [16381] cPanel taint weak security
557| [16347] cPanel suEXEC allows command execution
558| [16325] cPanel killacct account deletion
559| [16239] cPanel mod_phpsuexec allows command execution
560| [16197] cPanel Fantastico information disclosure
561| [15671] cPanel multiple scripts cross-site scripting
562| [15517] cPanel dodelautores.html or addhandle.html cross-site scripting
563| [15486] cPanel login scripts allows command execution
564| [15485] cPanel dir parameter allows cross-site scripting
565| [15443] cPanel resetpass section allows execution of commands
566| [12508] cPanel Error Log and Latest Visitors page cross-site scripting
567| [12237] cPanel Formail-clone domain name bypass allows email relaying
568| [11357] cPanel SCRIPT_FILENAME privilege elevation
569| [11356] cPanel guestbook.cgi command execution
570|
571| Exploit-DB - https://www.exploit-db.com:
572| [30380] CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability
573| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
574| [29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
575| [29237] CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
576| [29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
577| [29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
578| [29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
579| [29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
580| [29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
581| [29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
582| [29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
583| [29181] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
584| [29071] CPanel 10 DNSlook.HTML Cross-Site Scripting Vulnerability
585| [28983] cPanel 10 newuser.html Multiple Parameter XSS
586| [28982] cPanel 10 seldir.html dir Parameter XSS
587| [28844] cPanel 10.9 editzonetemplate template Parameter XSS
588| [28843] cPanel 10.9 dosetmytheme theme Parameter XSS
589| [28660] CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability
590| [28415] cPanel 10.x showfile.html file Parameter XSS
591| [28414] cPanel 10.x editit.html file Parameter XSS
592| [28413] cPanel 10.x dohtaccess.html dir Parameter XSS
593| [28113] cPanel 10.8.1/10.8.2 OnMouseover Cross-Site Scripting Vulnerability
594| [28107] Cpanel 10 Select.HTML Cross-Site Scripting Vulnerability
595| [27162] cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
596| [25846] cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability
597| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
598| [24183] cPanel 5-9 Passwd Remote SQL Injection Vulnerability
599| [24172] cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
600| [24141] cPanel 5-9 Local Privilege Escalation Vulnerability
601| [23807] cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
602| [23806] cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
603| [23804] cPanel 5/6/7/8/9 Resetpass Remote Command Execution Vulnerability
604| [22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
605| [22693] cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability
606| [22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
607| [22263] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
608| [22262] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
609| [22261] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
610| [22260] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
611| [17330] cPanel < 11.25 CSRF - Add User php Script
612| [15593] Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
613| [14854] MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day
614| [14188] Cpanel 11.25 - CSRF Add FTP Account Exploit
615| [11527] cPanel Multiple CSRF Vulnerabilities
616| [11211] cPanel HTTP Response Splitting Vulnerability
617| [9039] Cpanel - (lastvisit.html domain) Arbitrary File Disclosure Vulnerability (auth)
618| [6897] cpanel 11.x XSS / Local File Inclusion Vulnerability
619| [6461] Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
620| [3459] cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities
621| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
622| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
623|
624| OpenVAS (Nessus) - http://www.openvas.org:
625| No findings
626|
627| SecurityTracker - https://www.securitytracker.com:
628| [1028743] cPanel Flaws in Archive Function Let Local Users Gain Elevated Privileges
629| [1027928] cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
630| [1027923] cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
631| [1027839] cPanel Unspecified Flaws Have Unspecified Impact
632| [1027111] cPanel Unspecified Flaws Have Unspecified Impact
633| [1024382] cPanel Error in 'autoinstallhome.php' Lets Local Users Bypass PHP Restrictions
634| [1022490] cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
635| [1020042] cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
636| [1016913] cPanel Bug Lets Remote Authenticated Users Gain Root Access
637| [1016383] cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks
638| [1015589] cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks
639| [1015157] cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
640| [1014633] cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases
641| [1011877] cPanel Webmail Only Requires First Eight Characters of Password
642| [1011762] cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files
643| [1010449] cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes
644| [1010411] cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code
645| [1010398] cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
646| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
647| [1009541] cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks
648| [1009402] cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks
649| [1009400] cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges
650| [1007113] cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
651| [1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
652|
653| OSVDB - http://www.osvdb.org:
654| [96167] SecPanel Unspecified User Plaintext Local Password Disclosure
655| [96166] cPanel WHM Suspend Function Arbitrary Account Lockout Local DoS
656| [96165] cPanel WHM Purchase and Install an SSL Certificate Feature Arbitrary File Overwrite
657| [96164] cPanel WHM Unspecified Arbitrary Domain Manipulation
658| [96163] cPanel WHM Unspecified Arbitrary DNS Zone Modification
659| [94918] cPanel cpanellogd Cpanel::Logs::prep_logs_path Archive Creation Local Privilege Escalation
660| [94904] RVSiteBuilder Plugin for cPanel Unspecified Symlink Local Privilege Escalation
661| [94903] RVSkin rvwrapper Arbitrary cPanel Account Manipulation
662| [94902] RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access
663| [94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
664| [94868] cPanel Restore a Full Backup/cpmove File Feature Crafted Archive Restoration Symlink Arbitrary File Access
665| [94865] cPremote Plugin for cPanel Unauthorized User Backup Service Access
666| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
667| [94859] cPanel /scripts2/ssh_doaddkey Arbitrary SSH Key Overwrite DoS
668| [94427] WHMXtra Ultimate Pro Cpanel Xtra Plugin Arbitrary File Manipulation
669| [94333] Varnish Plugin for cPanel Advanced Configuration Page Remote Privilege Escalation
670| [88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
671| [88820] cPanel dir.html dir Parameter XSS
672| [88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
673| [88749] cPanel frontend/x3/mail/manage.html account Parameter XSS
674| [88125] cPanel Multiple Unspecified Issues
675| [82646] cPanel cPDAVd Filename Parsing Remote Code Execution
676| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
677| [80801] Almnzm /admincpanel/index.php Arbitrary Admin Creation CSRF
678| [68373] cPanel Local safe_mode Bypass
679| [67159] cPanel Unspecified XSS
680| [61954] cPanel login/index.php failurl Parameter HTTP Response Splitting
681| [61231] cPanel frontend/x3/files/fileop.html fileop Parameter XSS
682| [56919] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion
683| [55545] Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access
684| [55515] cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access
685| [55301] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
686| [55286] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
687| [54356] Fantastico De Luxe Module for cPanel language.php Manipulation Privilege Escalation
688| [53264] cPanel Legacy File Manager Filename XSS
689| [53263] cPanel Standard File Manager Filename XSS
690| [52253] cPanel Module Installation Function CSRF
691| [52252] cPanel Password Change Function CSRF
692| [52251] cPanel scripts2/confdkillproc Query String XSS
693| [52250] cPanel .contactemail Local File XSS
694| [51582] cPanel Disk Usage Module frontend/x/diskusage/index.html showtree Parameter Traversal Arbitrary Directory Listing
695| [49518] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Parameter XSS
696| [48126] Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Parameter Local File Inclusion
697| [45816] cPanel scripts/wwwacct Email Address Field Arbitrary Shell Command Execution
698| [45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
699| [45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
700| [45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
701| [45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
702| [44848] cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF
703| [44847] cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF
704| [44846] cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF
705| [44845] cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF
706| [43854] cPanel frontend/x/manpage.html Query String XSS
707| [40512] cPanel dohtaccess.html rurl Parameter XSS
708| [39286] Dada Mail cpanel Mass Add/DL Subscriber XSS
709| [36468] cPanel frontend/x/htaccess/changepro.html resname Parameter XSS
710| [35861] cPanel Simple CGI Wrapper Direct Request Path Disclosure
711| [35860] cPanel Simple CGI Wrapper URI XSS
712| [35750] cPanel scripts2/objcache objcache Parameter Remote File Inclusion
713| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
714| [35036] Fantastico for cPanel includes/load_language.php userlanguage Parameter Traversal Local File Inclusion
715| [33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
716| [33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
717| [33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
718| [33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
719| [33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
720| [33235] cPanel err/erredit.html dir Parameter XSS
721| [33234] cPanel cpanelpro/dohtaccess.html dir Parameter XSS
722| [33233] cPanel mail/pops.html domain Parameter XSS
723| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
724| [32043] cPanel scripts2/objcache objcache Parameter XSS
725| [32042] cPanel BoxTrapper /mail/manage.html account Parameter XSS
726| [31835] cPanel PHP OpenBaseDir Configuration Local Access Restriction Bypass
727| [31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
728| [31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
729| [31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
730| [31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
731| [31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
732| [31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
733| [31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
734| [30586] cPanel dnslook.html dns Parameter XSS
735| [30387] cPanel newuser.html Multiple Parameter XSS
736| [30386] cPanel seldir.html dir Parameter XSS
737| [30048] cPanel editzonetemplate template Parameter XSS
738| [30047] cPanel dosetmytheme theme Parameter XSS
739| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
740| [29072] cPanel Multiple Password User Authentication Weakness
741| [28043] cPanel showfile.html file Parameter XSS
742| [28042] cPanel editit.html file Parameter XSS
743| [28041] cPanel dohtaccess.html dir Parameter XSS
744| [26866] cPanel select.html file Parameter XSS
745| [24056] Fantastico cPanel Add-on Script Installation Failure Path Disclosure
746| [22972] cPanel Null Login Administrator Username Disclosure
747| [22971] cPanel dowebmailforward.cgi fwd Parameter XSS
748| [22940] cPanel handle.html Multiple Field XSS
749| [22939] cPanel detailbw.html target Parameter XSS
750| [22938] cPanel diskusage.html showtree Parameter XSS
751| [22937] cPanel dodelpop.html email Parameter XSS
752| [22936] cPanel editquota.html email Parameter XSS
753| [22906] cPanel webmailaging.cgi numdays Parameter XSS
754| [20459] cPanel Entropy Chat Message Field XSS
755| [18661] cPanel Common Password Cross Domain Privilege Escalation
756| [17399] cPanel cpsrvd.pl user Parameter XSS
757| [15298] cPanel/WHM SSH Port Forwarding Anonymous Proxy
758| [11043] cPanel Webmail Truncated Password Weakness
759| [10962] cPanel Frontpage _private Symlink Arbitrary File Permission Modification
760| [10961] cPanel Frontpage .htaccess Hardlink Arbitrary File Owernship Modification
761| [10960] cPanel Backup Feature Hardlink Arbitrary File Access
762| [7665] cPanel whm Password File Locking Issue
763| [7006] cPanel passwd Script Unauthorized Database Password Change
764| [6946] cPanel detailbw.html Multiple Parameter XSS
765| [6945] cPanel detailsubbw.html Multiple Parameter XSS
766| [6944] cPanel bwday.html Multiple Parameter XSS
767| [6943] cPanel detailsubbw.html View Unauthorized Domain Statistics
768| [6942] cPanel bwday.html View Unauthorized Domain Statistics
769| [6941] cPanel detailbw.html View Unauthorized Domain Statistics
770| [6940] cPanel suEXEC Privilege Escalation
771| [6712] cPanel killacct Script Arbitrary DNS Deletion
772| [6418] cPanel mod_phpsuexec Arbitrary Code Execution
773| [4530] cPanel addhandle.html handle Parameter XSS
774| [4529] cPanel dodelautores.html email Parameter XSS
775| [4244] cPanel htaccess/index.html dir Parameter XSS
776| [4243] cPanel del.html account Parameter XSS
777| [4222] cPanel Formail-clone E-Mail Relay
778| [4220] cPanel guestbook.cgi template Variable Arbitrary Command Execution
779| [4219] cPanel dohtaccess.html dir Parameter XSS
780| [4218] cPanel Login Page user Parameter Arbitrary Command Execution
781| [4217] cPanel editmsg.html Arbitrary File Access
782| [4216] cPanel erredit.html Arbitrary File Access
783| [4215] cPanel editmsg.html account Parameter XSS
784| [4214] cPanel doaddftp.html login Parameter XSS
785| [4213] cPanel repairdb.html db Parameter XSS
786| [4212] cPanel showlog.html account Parameter XSS
787| [4211] cPanel ignorelist.html account Parameter XSS
788| [4210] cPanel dnslook.html dns Parameter XSS
789| [4209] cPanel erredit.html file Parameter XSS
790| [4208] cPanel testfile.html email Parameter XSS
791| [4205] cPanel resetpass Arbitrary Command Execution
792| [2277] cPanel Error Log Malicious HTML Tags Injection
793|_
794 2080/tcp open ssl/http syn-ack ttl 51 cPanel httpd (unauthorized)
795|_http-server-header: cPanel
796| vulscan: VulDB - https://vuldb.com:
797| [139613] cPanel up to 57.9999.53 TTY enablefileprotect unknown vulnerability
798| [139612] cPanel up to 57.9999.53 TTY /scripts/unsuspendacct unknown vulnerability
799| [139611] cPanel up to 57.9999.53 TTY maildir_converter unknown vulnerability
800| [139610] cPanel up to 57.9999.53 TTY /scripts/checkinfopages unknown vulnerability
801| [139609] cPanel up to 57.9999.53 TTY /scripts/addpop unknown vulnerability
802| [139608] cPanel up to 57.9999.53 /scripts/killpvhost denial of service
803| [139607] cPanel up to 57.9999.53 Paper Lantern Landing Page cross site scripting
804| [139606] cPanel up to 57.9999.53 ajax_maketext_syntax_util.pl Code Execution
805| [139605] cPanel up to 57.9999.53 SQLite Journal directory traversal
806| [139604] cPanel up to 57.9999.104 LOC Record Newline Injection privilege escalation
807| [139603] cPanel up to 58.0.4 PHP CGI Code Execution
808| [139602] cPanel up to 58.0.3 Session unknown vulnerability
809| [139601] cPanel up to 58.0.3 BoxTrapper API API Call privilege escalation
810| [139599] cPanel before up to 58.0.3 unknown vulnerability
811| [139551] cPanel up to 58.0.3 Purchase and Install an SSL Certificate Page Domain information disclosure
812| [139549] cPanel up to 59.9999.144 tail_upcp2.cgi cross site scripting
813| [139548] cPanel up to 59.9999.144 Multipart Message File privilege escalation
814| [139547] cPanel up to 59.9999.144 Script Code Execution
815| [139546] cPanel up to 59.9999.144 Mailman List Archive Code Execution
816| [139545] cPanel up to 60.0.14 Password Policy denial of service
817| [139544] cPanel up to 60.0.24 HTTP POST weak encryption
818| [139543] cPanel up to 60.0.24 Error Response Code Execution
819| [139542] cPanel up to 60.0.24 Maketext Code Execution
820| [139541] cPanel up to 60.0.24 Access Control privilege escalation
821| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
822| [139539] cPanel up to 60.0.24 File Copy information disclosure
823| [139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
824| [139537] cPanel up to 60.0.24 SSL_listkeys Stored cross site scripting
825| [139536] cPanel up to 60.0.24 postgres API1 listdbs Stored cross site scripting
826| [139535] cPanel up to 60.0.24 UI_confirm API cross site scripting
827| [139534] cPanel up to 60.0.24 ftp_sessions API Stored cross site scripting
828| [139533] cPanel up to 60.0.24 api1_listautoresponders Stored cross site scripting
829| [139532] cPanel up to 60.0.24 listftpstable API Stored cross site scripting
830| [139531] cPanel up to 60.0.24 WHM Tweak Settings for autodiscover_host cross site scripting
831| [139530] cPanel up to 60.0.24 WHM Account Termination Stored cross site scripting
832| [139495] cPanel up to 62.0.3 WHM API privilege escalation
833| [139494] cPanel up to 62.0.3 Account Suspension Stored cross site scripting
834| [139493] cPanel up to 62.0.3 WHM API API Call privilege escalation
835| [139492] cPanel up to 62.0.3 WHM SSL certificate Generation Email privilege escalation
836| [139491] cPanel up to 62.0.3 XML-API ACL privilege escalation
837| [139490] cPanel up to 62.0.3 Exim privilege escalation
838| [139489] cPanel up to 62.0.3 Leech Protect privilege escalation
839| [139488] cPanel up to 62.0.3 Exim privilege escalation
840| [139487] cPanel up to 62.0.3 Exim directory traversal
841| [139486] cPanel up to 62.0.3 WebMail cross site scripting
842| [139485] cPanel up to 62.0.3 Password Reset Reflected cross site scripting
843| [139484] cPanel up to 62.0.3 Password Change cross site scripting
844| [139483] cPanel up to 62.0.3 Test Account Default Credentials weak authentication
845| [139482] cPanel up to 62.0.16 API API Call Code Execution
846| [139481] cPanel up to 62.0.16 API setphppreference Code Execution
847| [139480] cPanel up to 62.0.16 URL Filter privilege escalation
848| [139479] cPanel up to 62.0.16 Domain privilege escalation
849| [139477] cPanel up to 62.0.16 WHM Zone Template Editor privilege escalation
850| [139476] cPanel up to 62.0.16 IP Protection Bypass privilege escalation
851| [139475] cPanel up to 60.0.24 reassign_post_terminate_cruft privilege escalation
852| [139474] cPanel up to 60.0.24 tail_ea4_migration.cgi cross site scripting
853| [139473] cPanel up to 60.0.24 Message Format String
854| [139471] cPanel up to 60.0.24 ModSecurity Audit Logfile privilege escalation
855| [139470] cPanel up to 60.0.24 RoundCube Update privilege escalation
856| [139469] cPanel up to 60.0.24 FormMail-clone.cgi Open Redirect
857| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
858| [139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
859| [139361] cPanel up to 62.0.16 Security Policy privilege escalation
860| [139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
861| [139355] cPanel up to 62.0.16 Addon Domain Conversion privilege escalation
862| [139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
863| [139353] cPanel up to 64.0.20 Account Rename privilege escalation
864| [139351] cPanel up to 64.0.20 crontab Timing information disclosure
865| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
866| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
867| [139348] cPanel up to 64.0.20 Serverinfo_manpage API API Call directory traversal
868| [139347] cPanel up to 64.0.20 ClamScanner_getsocket API Code Execution
869| [139346] cPanel up to 64.0.20 SourceIPCheck API directory traversal
870| [139345] cPanel up to 64.0.20 SSL API API Call privilege escalation
871| [139344] cPanel up to 64.0.20 SSH API Command privilege escalation
872| [139343] cPanel up to 64.0.20 SSH Port Forwarding privilege escalation
873| [139342] cPanel up to 64.0.20 API Cpanel::SPFUI privilege escalation
874| [139341] cPanel up to 64.0.20 Demo Account Open Redirect
875| [139340] cPanel up to 64.0.20 traceroute privilege escalation
876| [139339] cPanel up to 64.0.20 ImageManager API Call Code Execution
877| [139338] cPanel up to 64.0.20 Encoding API Call Code Execution
878| [139336] cPanel up to 64.0.20 API Call Fileman::getfileactions directory traversal
879| [139335] cPanel up to 64.0.20 BoxTrapper API Code Execution
880| [139333] cPanel up to 64.0.20 Filter API API Call Code Execution
881| [139331] cPanel up to 66.0.0 Suspend privilege escalation
882| [139326] cPanel up to 66.0.1 Log File information disclosure
883| [139320] cPanel up to 66.0.1 WHM cPAddons Processing Stored cross site scripting
884| [139319] cPanel up to 66.0.1 WHM cPAddons Uninstallation Stored cross site scripting
885| [139318] cPanel up to 66.0.1 WHM cPAddons file Operation Stored cross site scripting
886| [139317] cPanel up to 66.0.1 WHM cPAddons Installation Stored cross site scripting
887| [139316] cPanel up to 67.9999.102 Roundcube SQLite Schema Update directory traversal
888| [139314] cPanel up to 67.9999.102 redirect.html Open Redirect
889| [139311] cPanel up to 67.9999.102 Addon Domain Conversion privilege escalation
890| [139310] cPanel up to 67.9999.102 Backup Archive information disclosure
891| [139309] cPanel up to 67.9999.102 Backup Interface Archive information disclosure
892| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
893| [139307] cPanel up to 67.9999.102 Support-Agreement Download weak authentication
894| [139306] cPanel up to 67.9999.102 eximstats sql injection
895| [139304] cPanel up to 68.0.14 Domain denial of service
896| [139303] cPanel up to 68.0.14 Mailman Archive Code Execution
897| [139302] cPanel up to 68.0.14 cpaddons Stored cross site scripting
898| [139301] cPanel up to 68.0.14 Username unknown vulnerability
899| [139299] cPanel up to 68.0.14 sqloptimizer information disclosure
900| [139298] cPanel up to 68.0.14 Hostname privilege escalation
901| [139295] cPanel up to 68.0.14 SSL Username privilege escalation
902| [139294] cPanel up to 68.0.14 Username privilege escalation
903| [139293] cPanel up to 68.0.14 Email Username privilege escalation
904| [139292] cPanel up to 68.0.14 PostgreSQL Database Collision privilege escalation
905| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
906| [139287] cPanel up to 68.0.14 Reseller Style Upload Code Execution
907| [139286] cPanel up to 68.0.14 PostgresAdmin Code Execution
908| [139282] cPanel up to 68.0.14 DNS Zone SOA Record privilege escalation
909| [139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
910| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
911| [139258] cPanel up to 68.0.26 WHM Spamd Startup Config cross site scripting
912| [139257] cPanel up to 68.0.26 WHM Account Transfer Stored cross site scripting
913| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
914| [139255] cPanel up to 68.0.26 Backup cross site scripting
915| [139252] cPanel up to 68.0.26 bin/csvprocess privilege escalation
916| [139245] cPanel up to 68.0.26 WHM API API Call privilege escalation
917| [139244] cPanel up to 68.0.26 Rename User Name information disclosure
918| [139242] cPanel up to 70.0.22 WHM Reset a DNS Zone Stored cross site scripting
919| [139241] cPanel up to 70.0.22 Account Suspension privilege escalation
920| [139240] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
921| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
922| [139238] cPanel up to 70.0.22 Landing Page Code Execution
923| [139237] cPanel up to 70.0.22 Htaccess Optimization Bypass privilege escalation
924| [139236] cPanel up to 70.0.22 redirect.html Open Redirect
925| [139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
926| [139231] cPanel up to 70.0.22 WHM Style Upload privilege escalation
927| [139230] cPanel up to 70.0.22 WHM Synchronize DNS Record Stored cross site scripting
928| [139229] cPanel up to 70.0.22 WHM DNS Cleanup Stored cross site scripting
929| [139228] cPanel up to 70.0.22 WHM Delete a DNS Zone Stored cross site scripting
930| [139227] cPanel up to 70.0.22 HM Edit DNS Zone Stored cross site scripting
931| [139226] cPanel up to 70.0.22 WHM Create Account Stored cross site scripting
932| [139225] cPanel up to 70.0.22 WHM DNS Cluster Stored cross site scripting
933| [139223] cPanel up to 70.0.22 WHM Edit MX Entry Stored cross site scripting
934| [139222] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
935| [139221] cPanel up to 70.0.22 OpenID Injection privilege escalation
936| [139220] cPanel up to 70.0.22 trustclustermaster.cgi information disclosure
937| [139219] cPanel up to 70.0.22 awstats Code Execution
938| [139218] cPanel up to 70.0.22 cpaddonsup Code Execution
939| [139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
940| [139214] cPanel up to 71.9980.36 API Mime::list_hotlinks privilege escalation
941| [139213] cPanel up to 71.9980.36 Image Feature API Call privilege escalation
942| [139212] cPanel up to 71.9980.36 Backup API Call privilege escalation
943| [139211] cPanel up to 71.9980.36 cron API Call privilege escalation
944| [139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
945| [139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
946| [139207] cPanel up to 71.9980.36 YUM Autorepair Stored cross site scripting
947| [139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
948| [139205] cPanel up to 71.9980.36 cPAddons Moderation Injection privilege escalation
949| [139202] cPanel up to 71.9980.36 API Token ACL unknown vulnerability
950| [139199] cPanel up to 73.x CAA Record privilege escalation
951| [139197] cPanel up to 73.x Record privilege escalation
952| [139194] cPanel up to 73.x Database Backup sql injection
953| [139190] cPanel up to 11.53.x WHM API Zone privilege escalation
954| [139189] cPanel up to 11.53.x Webmail API Password Reset privilege escalation
955| [139188] cPanel up to 11.53.x DNS NS Entry Code Execution
956| [139187] cPanel up to 11.53.x Email Sending privilege escalation
957| [139186] cPanel up to 11.53.x Comet Feed information disclosure
958| [139185] cPanel up to 11.54.0.3 cpsrvd Code Execution
959| [139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
960| [139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
961| [139182] cPanel up to 11.54.0.3 AppConfig Subsystem ACL privilege escalation
962| [139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
963| [139180] cPanel up to 11.54.0.3 synccpaddonswithsqlhost Code Execution
964| [139179] cPanel up to 11.54.0.3 scripts/secureit privilege escalation
965| [139178] cPanel up to 11.54.0.3 scripts/quotacheck directory traversal
966| [139177] cPanel up to 11.54.0.3 scripts/fixmailboxpath directory traversal
967| [139176] cPanel up to 11.54.0.3 Roundcube Database Conversion privilege escalation
968| [139175] cPanel up to 11.54.0.3 check_system_storable directory traversal
969| [139174] cPanel up to 11.54.0.3 chcpass Password information disclosure
970| [139173] cPanel up to 11.54.0.3 JSON-API Code Execution
971| [139172] cPanel up to 11.54.0.3 setup_global_spam_filter.pl directory traversal
972| [139171] cPanel up to 11.54.0.3 bin/mkvhostspasswd information disclosure
973| [139170] cPanel up to 11.54.0.3 Duplication Code Execution
974| [139169] cPanel up to 11.54.0.3 horde_update_usernames sql injection
975| [139168] cPanel up to 11.54.0.3 bin/fmq directory traversal
976| [139167] cPanel up to 11.54.0.3 @INC Path Code Execution
977| [139166] cPanel up to 55.9999.140 Authentication directory traversal
978| [139165] cPanel up to 55.9999.140 cPHulkd privilege escalation
979| [139164] cPanel up to 55.9999.140 FTP Lockout privilege escalation
980| [139163] cPanel up to 55.9999.140 cPHulkd privilege escalation
981| [139162] cPanel up to 55.9999.140 FTP cPHulk privilege escalation
982| [139161] cPanel up to 55.9999.140 Two-factor Authentication weak authentication
983| [139160] cPanel up to 55.9999.140 ACL Bypass privilege escalation
984| [139158] cPanel up to 55.9999.140 @INC Path Code Execution
985| [139157] cPanel up to 55.9999.140 WHM Edit System Mail Preferences Stored cross site scripting
986| [139156] cPanel up to 55.9999.140 Two Factor Authentication DNS Clustering Request Bypass weak authentication
987| [139155] cPanel up to 55.9999.140 Security Policy Bypass privilege escalation
988| [139154] cPanel up to 55.9999.140 DNS NS Entry Code Execution
989| [139153] cPanel up to 55.9999.140 Maketext Code Execution
990| [139152] cPanel up to 55.9999.140 X3 Reseller Branding Image cross site scripting
991| [139151] cPanel up to 55.9999.140 Scripts/addpop information disclosure
992| [139150] cPanel up to 55.9999.140 Daemons privilege escalation
993| [139149] cPanel up to 57.9999.53 cpanellogd information disclosure
994| [139148] cPanel up to 57.9999.53 File Permission Log privilege escalation
995| [139147] cPanel up to 57.9999.53 ModSecurity TailWatch Log File sql injection
996| [139146] cPanel up to 57.9999.53 WebMail Code Execution
997| [139145] cPanel up to 57.9999.53 WebMail directory traversal
998| [139144] cPanel up to 57.9999.53 Demo Mode show_template.stor privilege escalation
999| [139143] cPanel up to 57.9999.53 FTP Account cross site scripting
1000| [139142] cPanel up to 11.52.0.12 get_information_for_applications directory traversal
1001| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
1002| [139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
1003| [139128] cPanel up to 74.0.7 Account Suspension privilege escalation
1004| [139126] cPanel up to 74.0.7 Security Questions Login Page Stored cross site scripting
1005| [139124] cPanel up to 74.0.7 Demo Account Fileman::viewfile Code Execution
1006| [139123] cPanel up to 74.0.7 File and Directory Restoration Stored cross site scripting
1007| [139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
1008| [139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
1009| [139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
1010| [139119] cPanel up to 74.0.7 Create a New Account cross site scripting
1011| [139021] cPanel up to 78.0.1 Connection Reset File privilege escalation
1012| [139019] cPanel up to 78.0.1 DCV API privilege escalation
1013| [139016] cPanel up to 78.0.1 Demo Account privilege escalation
1014| [139015] cPanel up to 78.0.1 OpenID information disclosure
1015| [139014] cPanel up to 78.0.17 BoxTrapper Queue Listing Stored cross site scripting
1016| [139013] cPanel up to 78.0.17 securitypolicy.cg Code Execution
1017| [139011] cPanel up to 78.0.17 Mail Relay Spam privilege escalation
1018| [139009] cPanel up to 78.0.17 API Code Execution
1019| [139006] cPanel up to 80.0.4 ajax_maketext_syntax_util.pl Code Execution
1020| [139005] cPanel up to 80.0.4 API privilege escalation
1021| [139000] cPanel up to 80.0.21 Demo Account Code Execution
1022| [138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
1023| [138996] cPanel up to 82.0.1 Exim Log Parser privilege escalation
1024| [138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
1025| [138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
1026| [138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
1027| [138973] cPanel up to 76.0.7 Connection Open Redirect
1028| [138972] cPanel up to 76.0.7 DNS Zone Stored cross site scripting
1029| [138971] cPanel up to 76.0.7 Backup cross site scripting
1030| [138970] cPanel up to 76.0.7 Virtual FTP Server privilege escalation
1031| [138969] cPanel up to 76.0.7 Attachment Code Execution
1032| [123444] cPanel up to 74 HTML Rendering index.html cross site scripting
1033| [114155] Afian FileRun ?module=users&section=cpanel&page=list Parameter sql injection
1034| [103771] cPanel up to 66.0.1 WHM Upload Locale Interface Filename cross site scripting
1035| [95199] cPanel entropysearch.cgi information disclosure
1036| [95198] cPanel entropysearch.cgi information disclosure
1037| [75240] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
1038| [75239] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
1039| [13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
1040| [13379] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Locales ACL privilege escalation
1041| [13378] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Mailman List Password change_pw weak encryption
1042| [13377] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Configure Customer Contact privilege escalation
1043| [13376] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering ACL privilege escalation
1044| [13375] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering Commands privilege escalation
1045| [13370] cPanel 11.40.1.13/11.42.1.15 Database ADDDBPRIVS Command privilege escalation
1046| [13369] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Boxtrapper cgi-sys Script bxd.cgi denial of service
1047| [13368] cPanel 11.40.1.13/11.42.1.15 Transfer CGI Scripts privilege escalation
1048| [13367] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call serviceinfo privilege escalation
1049| [13366] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call /scripts2/showservice privilege escalation
1050| [13365] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 SSH Key Password privilege escalation
1051| [13363] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 cgiemail 1.6 privilege escalation
1052| [13361] cPanel up to 11.43.0.11/11.42.1.15/11.40.1.13 unknown vulnerability
1053| [12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
1054| [12814] cPanel 11.38.2/11.40.1/11.42.0 URL cross site scripting
1055| [12813] cPanel 11.38.2/11.40.1/11.42.0 Password Reset privilege escalation
1056| [12809] cPanel 11.38.2/11.40.1/11.42.0 Form Mailer Header FormMail.pl privilege escalation
1057| [12808] cPanel 11.38.2/11.40.1/11.42.0 XML-API batch memory corruption
1058| [12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
1059| [12806] cPanel 11.38.2/11.40.1/11.42.0 objcache Storage System Template Toolkit memory corruption
1060| [12805] cPanel 11.38.2/11.40.1/11.42.0 XML information disclosure
1061| [12798] cPanel 11.38.2/11.40.1/11.42.0 /cgi/cpaddons_report.pl cross site scripting
1062| [12797] cPanel 11.38.2/11.40.1/11.42.0 DNS Zone Editor information disclosure
1063| [12796] cPanel WHM 11.38.2/11.40.1/11.42.0 /cgi/sshcheck.cgi cross site scripting
1064| [12795] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/installfp cross site scripting
1065| [12794] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/uninstallfp cross site scripting
1066| [12793] cPanel 11.38.2/11.40.1/11.42.0 entropysearch.cgi cross site scripting
1067| [12792] cPanel 11.38.2/11.40.1/11.42.0 activate_remote_nameservers.cgi maketext privilege escalation
1068| [12285] cPanel 11.38.2/11.40.1/11.42.0 filelist-thumbs.html cross site scripting
1069| [12284] cPanel 11.38.2/11.40.1/11.42.0 editit.html cross site scripting
1070| [12283] cPanel 11.38.2/11.40.1/11.42.0 def.html cross site scripting
1071| [12282] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 DNS Cluster privilege escalation
1072| [12281] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 New Account wwwacctform locale/cpmod Parameter privilege escalation
1073| [12280] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/cpaddons_feature.pl cross site scripting
1074| [12279] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Account Creation Ruby Code privilege escalation
1075| [12278] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Backup Restore privilege escalation
1076| [12277] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Bypass privilege escalation
1077| [12276] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/zoneeditor.cgi Newline privilege escalation
1078| [12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
1079| [12274] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API get_remote_access_hash information disclosure
1080| [12273] cPanel 11.36.2.9/11.38.2.12 Account Creation directory traversal
1081| [12220] cPanel 11.36.2.10/11.38.2.13/11.40.0.29/11.40.1.3 WHM XML/JSON API getpkginfo information disclosure
1082| [11601] cPanel WHM 11.36.2.11/11.38.2.14/11.40.0.30/11.40.1.6 XML/JSON getpkginfo information disclosure
1083| [11625] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Login Security Token information disclosure
1084| [11624] cPanel WHM 11.38.2.12 Branding Subsystem privilege escalation
1085| [11621] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cPAddons Upgrade Password information disclosure
1086| [11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface Entry information disclosure
1087| [11619] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 SSH Authentication User Name privilege escalation
1088| [11618] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 X3 Theme countedit.cgi directory traversal
1089| [11616] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cpsrvd HTTP Request Bypass privilege escalation
1090| [11613] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Bandmin Reflected cross site scripting
1091| [11612] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 API Call UI::dynamicincludelist directory traversal
1092| [11609] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Config cross site request forgery
1093| [11608] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Translatable Phrase Locale::Maketext privilege escalation
1094| [11607] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 CSRF Protection Token Bypass cross site request forgery
1095| [11606] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cross site scripting
1096| [11604] cPanel WHM 11.36.2.9 Virtualhost Installation privilege escalation
1097| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
1098| [11017] cPanel WHM up to 11.40.0.11 SSL Certificate denial of service
1099| [11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface Bypass privilege escalation
1100| [11015] cPanel WHM up to 11.40.0.11 Bypass cross site scripting
1101| [11014] cPanel WHM up to 11.40.0.11 File Upload Bypass privilege escalation
1102| [11013] cPanel WHM up to 11.40.0.11 POST Request privilege escalation
1103| [11011] cPanel WHM up to 11.40.0.11 Cpanel::LogMeIn weak authentication
1104| [11010] cPanel WHM up to 11.40.0.11 logaholic_lang Cookie privilege escalation
1105| [11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
1106| [9921] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 SSL Certificate privilege escalation
1107| [9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
1108| [9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
1109| [10129] cPanel WHM up to 11.38.0.14 cross site scripting
1110| [10126] cPanel WHM up to 11.38.0.14 weak authentication
1111| [9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
1112| [9352] cPanel WHM up to 11.38.0.8 Restore Full Backup Symlink unknown vulnerability
1113| [9348] cPanel WHM up to 11.36.1.5 scripts2/ssh_doaddkey unknown vulnerability
1114| [10123] cPanel WHM up to 11.36.0.9 Access Control privilege escalation
1115| [10122] cPanel WHM up to 11.36.0.9 countedit.cgi cross site scripting
1116| [91109] cPanel WHM v11.24.7.x cross site scripting
1117| [52940] cPanel up to 11.24.7 cross site scripting
1118| [86883] cPanel fileop.html cross site scripting
1119| [48827] cPanel up to 11.23.1 Current index.php directory traversal
1120| [48812] cPanel directory traversal
1121| [49331] cPanel autoinstall4imagesgalleryupgrade.php cross site scripting
1122| [42542] cPanel 11.8.6/11.23.1 memory corruption
1123| [42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
1124| [42302] cPanel up to 11.22.2 WHM Interface cross site scripting
1125| [42219] cPanel 11.18.3/11.19.3 cross site request forgery
1126| [41689] cPanel 11.18.3/11.21 cross site scripting
1127| [49762] cPanel 11.18.3 index.html directory traversal
1128| [40642] cPanel 11.16 dohtaccess.html cross site scripting
1129| [38023] cPanel 10.9.1 changepro.html cross site scripting
1130| [37433] cPanel 10.9.0 Build 10300/11.4.19 Error Message information disclosure
1131| [37432] cPanel 10.9.0 Build 10300/11.4.19 CGI Wrapper cross site scripting
1132| [35618] cPanel 10.x directory traversal
1133| [34925] cPanel WebHost Manager memory corruption
1134| [34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
1135| [85585] cPanel scripts2/objcache memory corruption
1136| [85156] cPanel WebHost Manager scripts2/objcache privilege escalation
1137| [30642] cPanel privilege escalation
1138| [33838] cPanel WebHost Manager 3.1.0 cross site scripting
1139| [33814] cPanel 11 cross site scripting
1140| [33536] cPanel WebHost Manager 3.1.0 cross site scripting
1141| [84843] cPanel newuser.html cross site scripting
1142| [33243] cPanel 10 seldir.html cross site scripting
1143| [32973] cPanel 10.9.0 R50 cross site scripting
1144|
1145| MITRE CVE - https://cve.mitre.org:
1146| [CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
1147| [CVE-2009-3316] SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
1148| [CVE-2009-2275] Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
1149| [CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
1150| [CVE-2009-2167] Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
1151| [CVE-2008-7142] Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
1152| [CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
1153| [CVE-2008-6926] Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
1154| [CVE-2008-6843] Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
1155| [CVE-2008-4181] Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
1156| [CVE-2008-2478] ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
1157| [CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
1158| [CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
1159| [CVE-2008-2043] Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
1160| [CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
1161| [CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
1162| [CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
1163| [CVE-2007-3367] Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown
1164| [CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown
1165| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
1166| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
1167| [CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
1168| [CVE-2006-6566] PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
1169| [CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
1170| [CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
1171| [CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
1172| [CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
1173| [CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
1174| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
1175| [CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
1176| [CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
1177| [CVE-2006-2825] cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
1178| [CVE-2006-1119] fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
1179| [CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
1180| [CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
1181| [CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
1182| [CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
1183| [CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
1184| [CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
1185| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
1186| [CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
1187| [CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
1188| [CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
1189| [CVE-2004-1770] The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
1190| [CVE-2004-1769] The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
1191| [CVE-2004-1604] cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
1192| [CVE-2004-1603] cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
1193| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
1194| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
1195| [CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
1196| [CVE-2003-1425] guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
1197| [CVE-2003-0521] Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
1198|
1199| SecurityFocus - https://www.securityfocus.com/bid/:
1200| [95395] cPanel Multiple Security Vulnerabilities
1201| [90463] cPanel CVE-2004-1604 Remote Security Vulnerability
1202| [85002] cPanel CVE-2008-2043 Cross-Site Request Forgery Vulnerability
1203| [84099] cPanel CVE-2006-0573 Cross-Site Scripting Vulnerability
1204| [84076] cPanel CVE-2006-0533 Cross-Site Scripting Vulnerability
1205| [84074] cPanel CVE-2006-0574 Cross-Site Scripting Vulnerability
1206| [84064] cPanel CVE-2006-0763 Cross-Site Scripting Vulnerability
1207| [82752] cPanel CVE-2003-0521 Cross-Site Scripting Vulnerability
1208| [80161] cPanel CVE-2006-2825 Remote Security Vulnerability
1209| [67611] cPanel Multiple Unspecified Security Vulnerabilities
1210| [66561] cPanel Multiple Security Vulnerabilities
1211| [65618] cPanel Horde Backup Archive Insecure File Permissions Vulnerability
1212| [65464] cPanel Multiple Security Vulnerabilities
1213| [65159] Cpanel CloudFlare Plugin Local Security Bypass Vulnerability
1214| [64511] cPanel WHM XML and JSON APIs Multiple Arbitrary File Disclosure Vulnerabilities
1215| [64472] cPanel Multiple Security Vulnerabilities
1216| [64016] cPanel Varnish Plugin Multiple Security Vulnerabilities
1217| [63831] Add-On Domain to Main Account Convertor cPanel WHM Plugin Arbitrary Command Execution Vulnerability
1218| [63829] Add-On Domain to Main Account Convertor cPanel WHM Plugin Local Privilege Escalation Vulnerability
1219| [63371] cPanel Multiple Security Vulnerabilities
1220| [63220] CloudFlare Plugin For cPanel Arbitrary File Write Local Privilege Escalation Vulnerability
1221| [62140] cPanel Multiple Security Vulnerabilities
1222| [61812] cPanel Multiple Remote Security Vulnerabilities
1223| [61018] cPanel 'cpanellogd' Multiple Remote Privilege Escalation Vulnerabilities
1224| [60672] WHMXtra Cpanel Xtra Plugin Unspecified Local Security Bypass Vulnerability
1225| [60663] cPanel Varnish Plugin Remote Privilege Escalation Vulnerability
1226| [57064] cPanel 'dir' Parameter Cross Site Scripting Vulnerability
1227| [57060] cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
1228| [57045] cPanel 'account' Parameter Cross Site Scripting Vulnerability
1229| [56818] cPanel Multiple Unspecified Vulnerabilities
1230| [53757] cPanel Multiple Unspecified Vulnerabilities
1231| [47621] cPanel X3 File Manager Module Cross-Site Scripting Vulnerability
1232| [41723] cPanel Unspecified Cross Site Scripting Vulnerability
1233| [41391] cPanel Cross-Site Request Forgery Vulnerability
1234| [40622] cPanel Image Manager 'target' Parameter Local File Include Vulnerability
1235| [37902] cPanel and WHM 'failurl' Parameter HTTP Response Splitting Vulnerability
1236| [37394] cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
1237| [35518] cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
1238| [34142] cPanel Legacy File Manager File Name HTML Injection Vulnerability
1239| [33840] cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
1240| [29277] cPanel 'wwwact' Remote Privilege Escalation Vulnerability
1241| [29125] cPanel Multiple Cross-Site Scripting Vulnerabilities
1242| [28403] cPanel 'manpage.html' Cross-Site Scripting Vulnerability
1243| [28300] cPanel List Directories and Folders Information Disclosure Vulnerability
1244| [27308] cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
1245| [25047] CPanel Resname Parameter Cross-Site Scripting Vulnerability
1246| [24586] CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities
1247| [22915] cPanel Multiple Local File Include Vulnerabilities
1248| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
1249| [22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
1250| [21497] CPanel BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
1251| [21387] CPanel Multiple HTML Injection Vulnerabilities
1252| [21287] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
1253| [21142] CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
1254| [21027] CPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
1255| [20683] CPanel Multiple Cross-Site Scripting Vulnerabilities
1256| [20163] CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
1257| [19624] CPanel Multiple Cross-Site Scripting Vulnerabilities
1258| [18671] cPanel OnMouseover Cross-Site Scripting Vulnerability
1259| [18655] Cpanel Select.HTML Cross-Site Scripting Vulnerability
1260| [16482] cPanel Multiple Cross-Site Scripting Vulnerabilities
1261| [15327] cPanel Chat Message Field HTML Injection Vulnerability
1262| [13996] cPanel User Parameter Cross-Site Scripting Vulnerability
1263| [11456] cPanel Front Page Extension Installation Information Disclosure Vulnerability
1264| [11455] cPanel Front Page Extension Installation File Ownership Vulnerability
1265| [11449] cPanel Remote Backup Information Disclosure Vulnerability
1266| [10505] cPanel Passwd Remote SQL Injection Vulnerability
1267| [10479] Multiple CPanel Perl Script Failure To Implement Taint Mode Weakness
1268| [10468] cPanel Killacct Script Customer Account DNS Information Deletion Vulnerability
1269| [10407] cPanel Local Privilege Escalation Vulnerability
1270| [10002] cPanel Multiple Module Cross-Site Scripting Vulnerabilities
1271| [9965] CPanel Multiple Cross-Site Scripting Vulnerabilities
1272| [9855] cPanel Login Script Remote Command Execution Vulnerability
1273| [9853] cPanel dir Parameter Cross-Site Scripting Vulnerability
1274| [9848] cPanel Resetpass Remote Command Execution Vulnerability
1275| [8119] CPanel Admin Interface HTML Injection Vulnerability
1276| [7758] cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
1277| [6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
1278| [6882] cPanel Guestbook.cgi Remote Command Execution Vulnerability
1279|
1280| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1281| [85491] cPanel cpanellogd multiple privilege escalation
1282| [85114] Cpanel Xtra plugin for WHMXtra unspecified security bypass
1283| [80880] cPanel dir.html dir parameter cross-site scripting
1284| [80854] cPanel and WHM clientconf.html and detailbw.html cross-site scripting
1285| [80822] cPanel manage.html cross-site scripting
1286| [80514] cPanel multiple unspecified vulns
1287| [79604] cPanel Pro multiple cross-site request forgery
1288| [76017] cPanel multiple unspecified
1289| [71957] Whois.Cart Billing cpanel_2_log.htm information disclosure
1290| [67678] cPanel savefile.html cross-site request forgery
1291| [67175] cPanel X3 File Manager index.html cross-site scripting
1292| [63399] cPanel saveemail.html cross-site request forgery
1293| [61515] cPanel autoinstallhome.php security bypass
1294| [60429] cPanel unspecified cross-site scripting
1295| [60035] cPanel doaddftp.html cross-site request forgery
1296| [59275] Jreservation Component for Joomla! Property-Cpanel.html cross-site scripting
1297| [59274] Jreservation Component for Joomla! Property-Cpanel.html SQL Injection
1298| [59216] cPanel Image Manager target parameter file include
1299| [56437] cPanel addb.html cross-site request forgery
1300| [55814] cPanel failurl HTTP response splitting
1301| [55211] Whois.Cart cpanel_1_log.htm infomation disclosure
1302| [51426] cPanel lastvisit.html directory traversal
1303| [51412] Whois.Cart cpanel_1_log.htm information disclosure
1304| [51366] EgyPlus 7ml cpanel/login.php authentication bypass
1305| [49293] cPanel file manager cross-site scripting
1306| [48832] cPanel WHM interface cross-site request forgery
1307| [48831] cPanel scripts2/confdkillproc cross-site scripting
1308| [48830] cPanel .contactemail file cross-site scripting
1309| [46991] cPanel index.php directory traversal
1310| [46253] cPanel autoinstall4imagesgalleryupgrade.php cross-site scripting
1311| [46252] cPanel autoinstall4imagesgalleryupgrade.php file include
1312| [45147] Fantastico De Luxe module for cPanel xml.php file include
1313| [42529] cPanel wwwact privilege escalation
1314| [42306] cPanel WHM interface cross-site request forgery
1315| [42305] cPanel WHM interface cross-site scripting
1316| [42114] cPanel HTTP requests cross-site request forgery
1317| [41374] cPanel manpage.html cross-site scripting
1318| [41266] cPanel index.php showtree parameter information disclosure
1319| [39711] cPanel Hosting Manager dohtaccess.html cross-site scripting
1320| [35652] cPanel changepro.html cross-site scripting
1321| [35009] cPanel scgiwrap (Simple CGI Wrapper) path disclosure
1322| [35008] cPanel scgiwrap (Simple CGI Wrapper) cross-site scripting
1323| [32933] cPanel load_language.php and mysqlconfig.php file include
1324| [32462] cPanel passwdmysql cross-site scripting
1325| [32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
1326| [30821] mxBB Cpanel Profile Module profilcp_constants.php file include
1327| [30793] cPanel pops.html cross-site scripting
1328| [30788] cPanel BoxTrapper manage.html cross-site scripting
1329| [30493] cPanel multiple scripts cross-site scripting
1330| [30413] cPanel Network Tools dnslook.html cross-site scripting
1331| [30229] cPanel user parameter cross-site scripting
1332| [29808] cPanel theme parameter cross-site scripting
1333| [29249] cPanel unspecified privilege escalation
1334| [28447] cPanel dohtaccess.html, editit.html and showfile.html cross-site scripting
1335| [27403] cPanel files/select.html cross-site scripting
1336| [26613] cPanel OpenBaseDir phpshell.php security bypass
1337| [25277] cPanel fantastico path disclosure
1338| [24839] cPanel dowebmailforward.cgi cross-site scripting
1339| [24580] cPanel admin username disclosure
1340| [24468] cPanel multiple scripts allow cross-site scripting
1341| [22993] cPanel Entropy Chat script can allow cross-site scripting
1342| [21781] cPanel administrator password allows domain access
1343| [21084] cPanel cpsrvd.pl cross-site scripting
1344| [17837] cPanel allows attacker to brute force account passwords
1345| [17781] cPanel _private modify permissions
1346| [17780] cPanel .htaccess modify ownership of files
1347| [17779] cPanel backup could allow an attacker to view files
1348| [16410] cPanel passwd allows password modification
1349| [16381] cPanel taint weak security
1350| [16347] cPanel suEXEC allows command execution
1351| [16325] cPanel killacct account deletion
1352| [16239] cPanel mod_phpsuexec allows command execution
1353| [16197] cPanel Fantastico information disclosure
1354| [15671] cPanel multiple scripts cross-site scripting
1355| [15517] cPanel dodelautores.html or addhandle.html cross-site scripting
1356| [15486] cPanel login scripts allows command execution
1357| [15485] cPanel dir parameter allows cross-site scripting
1358| [15443] cPanel resetpass section allows execution of commands
1359| [12508] cPanel Error Log and Latest Visitors page cross-site scripting
1360| [12237] cPanel Formail-clone domain name bypass allows email relaying
1361| [11357] cPanel SCRIPT_FILENAME privilege elevation
1362| [11356] cPanel guestbook.cgi command execution
1363|
1364| Exploit-DB - https://www.exploit-db.com:
1365| [30380] CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability
1366| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
1367| [29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
1368| [29237] CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
1369| [29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
1370| [29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
1371| [29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
1372| [29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
1373| [29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
1374| [29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
1375| [29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
1376| [29181] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
1377| [29071] CPanel 10 DNSlook.HTML Cross-Site Scripting Vulnerability
1378| [28983] cPanel 10 newuser.html Multiple Parameter XSS
1379| [28982] cPanel 10 seldir.html dir Parameter XSS
1380| [28844] cPanel 10.9 editzonetemplate template Parameter XSS
1381| [28843] cPanel 10.9 dosetmytheme theme Parameter XSS
1382| [28660] CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability
1383| [28415] cPanel 10.x showfile.html file Parameter XSS
1384| [28414] cPanel 10.x editit.html file Parameter XSS
1385| [28413] cPanel 10.x dohtaccess.html dir Parameter XSS
1386| [28113] cPanel 10.8.1/10.8.2 OnMouseover Cross-Site Scripting Vulnerability
1387| [28107] Cpanel 10 Select.HTML Cross-Site Scripting Vulnerability
1388| [27162] cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
1389| [25846] cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability
1390| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
1391| [24183] cPanel 5-9 Passwd Remote SQL Injection Vulnerability
1392| [24172] cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
1393| [24141] cPanel 5-9 Local Privilege Escalation Vulnerability
1394| [23807] cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
1395| [23806] cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
1396| [23804] cPanel 5/6/7/8/9 Resetpass Remote Command Execution Vulnerability
1397| [22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
1398| [22693] cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability
1399| [22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
1400| [22263] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
1401| [22262] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
1402| [22261] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
1403| [22260] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
1404| [17330] cPanel < 11.25 CSRF - Add User php Script
1405| [15593] Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
1406| [14854] MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day
1407| [14188] Cpanel 11.25 - CSRF Add FTP Account Exploit
1408| [11527] cPanel Multiple CSRF Vulnerabilities
1409| [11211] cPanel HTTP Response Splitting Vulnerability
1410| [9039] Cpanel - (lastvisit.html domain) Arbitrary File Disclosure Vulnerability (auth)
1411| [6897] cpanel 11.x XSS / Local File Inclusion Vulnerability
1412| [6461] Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
1413| [3459] cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities
1414| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
1415| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
1416|
1417| OpenVAS (Nessus) - http://www.openvas.org:
1418| No findings
1419|
| SecurityTracker - https://www.securitytracker.com:
| [1028743] cPanel Flaws in Archive Function Let Local Users Gain Elevated Privileges
| [1027928] cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
| [1027923] cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
| [1027839] cPanel Unspecified Flaws Have Unspecified Impact
| [1027111] cPanel Unspecified Flaws Have Unspecified Impact
| [1024382] cPanel Error in 'autoinstallhome.php' Lets Local Users Bypass PHP Restrictions
| [1022490] cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
| [1020042] cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
| [1016913] cPanel Bug Lets Remote Authenticated Users Gain Root Access
| [1016383] cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks
| [1015589] cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks
| [1015157] cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
| [1014633] cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases
| [1011877] cPanel Webmail Only Requires First Eight Characters of Password
| [1011762] cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files
| [1010449] cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes
| [1010411] cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code
| [1010398] cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009541] cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1009402] cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1009400] cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges
| [1007113] cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
| [1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
|
| OSVDB - http://www.osvdb.org:
| [96167] SecPanel Unspecified User Plaintext Local Password Disclosure
| [96166] cPanel WHM Suspend Function Arbitrary Account Lockout Local DoS
| [96165] cPanel WHM Purchase and Install an SSL Certificate Feature Arbitrary File Overwrite
| [96164] cPanel WHM Unspecified Arbitrary Domain Manipulation
| [96163] cPanel WHM Unspecified Arbitrary DNS Zone Modification
| [94918] cPanel cpanellogd Cpanel::Logs::prep_logs_path Archive Creation Local Privilege Escalation
| [94904] RVSiteBuilder Plugin for cPanel Unspecified Symlink Local Privilege Escalation
| [94903] RVSkin rvwrapper Arbitrary cPanel Account Manipulation
| [94902] RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access
| [94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
| [94868] cPanel Restore a Full Backup/cpmove File Feature Crafted Archive Restoration Symlink Arbitrary File Access
| [94865] cPremote Plugin for cPanel Unauthorized User Backup Service Access
| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
| [94859] cPanel /scripts2/ssh_doaddkey Arbitrary SSH Key Overwrite DoS
| [94427] WHMXtra Ultimate Pro Cpanel Xtra Plugin Arbitrary File Manipulation
| [94333] Varnish Plugin for cPanel Advanced Configuration Page Remote Privilege Escalation
| [88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
| [88820] cPanel dir.html dir Parameter XSS
| [88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
| [88749] cPanel frontend/x3/mail/manage.html account Parameter XSS
| [88125] cPanel Multiple Unspecified Issues
| [82646] cPanel cPDAVd Filename Parsing Remote Code Execution
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [80801] Almnzm /admincpanel/index.php Arbitrary Admin Creation CSRF
| [68373] cPanel Local safe_mode Bypass
| [67159] cPanel Unspecified XSS
| [61954] cPanel login/index.php failurl Parameter HTTP Response Splitting
| [61231] cPanel frontend/x3/files/fileop.html fileop Parameter XSS
| [56919] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion
| [55545] Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access
| [55515] cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access
| [55301] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
| [55286] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
| [54356] Fantastico De Luxe Module for cPanel language.php Manipulation Privilege Escalation
| [53264] cPanel Legacy File Manager Filename XSS
| [53263] cPanel Standard File Manager Filename XSS
| [52253] cPanel Module Installation Function CSRF
| [52252] cPanel Password Change Function CSRF
| [52251] cPanel scripts2/confdkillproc Query String XSS
| [52250] cPanel .contactemail Local File XSS
| [51582] cPanel Disk Usage Module frontend/x/diskusage/index.html showtree Parameter Traversal Arbitrary Directory Listing
| [49518] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Parameter XSS
| [48126] Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Parameter Local File Inclusion
| [45816] cPanel scripts/wwwacct Email Address Field Arbitrary Shell Command Execution
| [45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
| [45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
| [45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
| [45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
| [44848] cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF
| [44847] cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF
| [44846] cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF
| [44845] cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF
| [43854] cPanel frontend/x/manpage.html Query String XSS
| [40512] cPanel dohtaccess.html rurl Parameter XSS
| [39286] Dada Mail cpanel Mass Add/DL Subscriber XSS
| [36468] cPanel frontend/x/htaccess/changepro.html resname Parameter XSS
| [35861] cPanel Simple CGI Wrapper Direct Request Path Disclosure
| [35860] cPanel Simple CGI Wrapper URI XSS
| [35750] cPanel scripts2/objcache objcache Parameter Remote File Inclusion
| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
| [35036] Fantastico for cPanel includes/load_language.php userlanguage Parameter Traversal Local File Inclusion
| [33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
| [33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
| [33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
| [33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
| [33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
| [33235] cPanel err/erredit.html dir Parameter XSS
| [33234] cPanel cpanelpro/dohtaccess.html dir Parameter XSS
| [33233] cPanel mail/pops.html domain Parameter XSS
| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
| [32043] cPanel scripts2/objcache objcache Parameter XSS
| [32042] cPanel BoxTrapper /mail/manage.html account Parameter XSS
| [31835] cPanel PHP OpenBaseDir Configuration Local Access Restriction Bypass
| [31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
| [31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
| [31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
| [31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
| [31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
| [31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
| [31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
| [30586] cPanel dnslook.html dns Parameter XSS
| [30387] cPanel newuser.html Multiple Parameter XSS
| [30386] cPanel seldir.html dir Parameter XSS
| [30048] cPanel editzonetemplate template Parameter XSS
| [30047] cPanel dosetmytheme theme Parameter XSS
| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
| [29072] cPanel Multiple Password User Authentication Weakness
| [28043] cPanel showfile.html file Parameter XSS
| [28042] cPanel editit.html file Parameter XSS
| [28041] cPanel dohtaccess.html dir Parameter XSS
| [26866] cPanel select.html file Parameter XSS
| [24056] Fantastico cPanel Add-on Script Installation Failure Path Disclosure
| [22972] cPanel Null Login Administrator Username Disclosure
| [22971] cPanel dowebmailforward.cgi fwd Parameter XSS
| [22940] cPanel handle.html Multiple Field XSS
| [22939] cPanel detailbw.html target Parameter XSS
| [22938] cPanel diskusage.html showtree Parameter XSS
| [22937] cPanel dodelpop.html email Parameter XSS
| [22936] cPanel editquota.html email Parameter XSS
| [22906] cPanel webmailaging.cgi numdays Parameter XSS
| [20459] cPanel Entropy Chat Message Field XSS
| [18661] cPanel Common Password Cross Domain Privilege Escalation
| [17399] cPanel cpsrvd.pl user Parameter XSS
| [15298] cPanel/WHM SSH Port Forwarding Anonymous Proxy
| [11043] cPanel Webmail Truncated Password Weakness
| [10962] cPanel Frontpage _private Symlink Arbitrary File Permission Modification
| [10961] cPanel Frontpage .htaccess Hardlink Arbitrary File Owernship Modification
| [10960] cPanel Backup Feature Hardlink Arbitrary File Access
| [7665] cPanel whm Password File Locking Issue
| [7006] cPanel passwd Script Unauthorized Database Password Change
| [6946] cPanel detailbw.html Multiple Parameter XSS
| [6945] cPanel detailsubbw.html Multiple Parameter XSS
| [6944] cPanel bwday.html Multiple Parameter XSS
| [6943] cPanel detailsubbw.html View Unauthorized Domain Statistics
| [6942] cPanel bwday.html View Unauthorized Domain Statistics
| [6941] cPanel detailbw.html View Unauthorized Domain Statistics
| [6940] cPanel suEXEC Privilege Escalation
| [6712] cPanel killacct Script Arbitrary DNS Deletion
| [6418] cPanel mod_phpsuexec Arbitrary Code Execution
| [4530] cPanel addhandle.html handle Parameter XSS
| [4529] cPanel dodelautores.html email Parameter XSS
| [4244] cPanel htaccess/index.html dir Parameter XSS
| [4243] cPanel del.html account Parameter XSS
| [4222] cPanel Formail-clone E-Mail Relay
| [4220] cPanel guestbook.cgi template Variable Arbitrary Command Execution
| [4219] cPanel dohtaccess.html dir Parameter XSS
| [4218] cPanel Login Page user Parameter Arbitrary Command Execution
| [4217] cPanel editmsg.html Arbitrary File Access
| [4216] cPanel erredit.html Arbitrary File Access
| [4215] cPanel editmsg.html account Parameter XSS
| [4214] cPanel doaddftp.html login Parameter XSS
| [4213] cPanel repairdb.html db Parameter XSS
| [4212] cPanel showlog.html account Parameter XSS
| [4211] cPanel ignorelist.html account Parameter XSS
| [4210] cPanel dnslook.html dns Parameter XSS
| [4209] cPanel erredit.html file Parameter XSS
| [4208] cPanel testfile.html email Parameter XSS
| [4205] cPanel resetpass Arbitrary Command Execution
| [2277] cPanel Error Log Malicious HTML Tags Injection
|_