· 6 years ago · Mar 21, 2020, 08:08 AM
1PORT STATE SERVICE REASON VERSION
22078/tcp open ssl/http syn-ack ttl 50 cPanel httpd (unauthorized)
3|_http-server-header: cPanel
4| vulscan: VulDB - https://vuldb.com:
5| [139613] cPanel up to 57.9999.53 TTY enablefileprotect unknown vulnerability
6| [139612] cPanel up to 57.9999.53 TTY /scripts/unsuspendacct unknown vulnerability
7| [139611] cPanel up to 57.9999.53 TTY maildir_converter unknown vulnerability
8| [139610] cPanel up to 57.9999.53 TTY /scripts/checkinfopages unknown vulnerability
9| [139609] cPanel up to 57.9999.53 TTY /scripts/addpop unknown vulnerability
10| [139608] cPanel up to 57.9999.53 /scripts/killpvhost denial of service
11| [139607] cPanel up to 57.9999.53 Paper Lantern Landing Page cross site scripting
12| [139606] cPanel up to 57.9999.53 ajax_maketext_syntax_util.pl Code Execution
13| [139605] cPanel up to 57.9999.53 SQLite Journal directory traversal
14| [139604] cPanel up to 57.9999.104 LOC Record Newline Injection privilege escalation
15| [139603] cPanel up to 58.0.4 PHP CGI Code Execution
16| [139602] cPanel up to 58.0.3 Session unknown vulnerability
17| [139601] cPanel up to 58.0.3 BoxTrapper API API Call privilege escalation
18| [139599] cPanel before up to 58.0.3 unknown vulnerability
19| [139551] cPanel up to 58.0.3 Purchase and Install an SSL Certificate Page Domain information disclosure
20| [139549] cPanel up to 59.9999.144 tail_upcp2.cgi cross site scripting
21| [139548] cPanel up to 59.9999.144 Multipart Message File privilege escalation
22| [139547] cPanel up to 59.9999.144 Script Code Execution
23| [139546] cPanel up to 59.9999.144 Mailman List Archive Code Execution
24| [139545] cPanel up to 60.0.14 Password Policy denial of service
25| [139544] cPanel up to 60.0.24 HTTP POST weak encryption
26| [139543] cPanel up to 60.0.24 Error Response Code Execution
27| [139542] cPanel up to 60.0.24 Maketext Code Execution
28| [139541] cPanel up to 60.0.24 Access Control privilege escalation
29| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
30| [139539] cPanel up to 60.0.24 File Copy information disclosure
31| [139538] cPanel up to 60.0.24 Alias Upload Interface cross site scripting
32| [139537] cPanel up to 60.0.24 SSL_listkeys Stored cross site scripting
33| [139536] cPanel up to 60.0.24 postgres API1 listdbs Stored cross site scripting
34| [139535] cPanel up to 60.0.24 UI_confirm API cross site scripting
35| [139534] cPanel up to 60.0.24 ftp_sessions API Stored cross site scripting
36| [139533] cPanel up to 60.0.24 api1_listautoresponders Stored cross site scripting
37| [139532] cPanel up to 60.0.24 listftpstable API Stored cross site scripting
38| [139531] cPanel up to 60.0.24 WHM Tweak Settings for autodiscover_host cross site scripting
39| [139530] cPanel up to 60.0.24 WHM Account Termination Stored cross site scripting
40| [139495] cPanel up to 62.0.3 WHM API privilege escalation
41| [139494] cPanel up to 62.0.3 Account Suspension Stored cross site scripting
42| [139493] cPanel up to 62.0.3 WHM API API Call privilege escalation
43| [139492] cPanel up to 62.0.3 WHM SSL certificate Generation Email privilege escalation
44| [139491] cPanel up to 62.0.3 XML-API ACL privilege escalation
45| [139490] cPanel up to 62.0.3 Exim privilege escalation
46| [139489] cPanel up to 62.0.3 Leech Protect privilege escalation
47| [139488] cPanel up to 62.0.3 Exim privilege escalation
48| [139487] cPanel up to 62.0.3 Exim directory traversal
49| [139486] cPanel up to 62.0.3 WebMail cross site scripting
50| [139485] cPanel up to 62.0.3 Password Reset Reflected cross site scripting
51| [139484] cPanel up to 62.0.3 Password Change cross site scripting
52| [139483] cPanel up to 62.0.3 Test Account Default Credentials weak authentication
53| [139482] cPanel up to 62.0.16 API API Call Code Execution
54| [139481] cPanel up to 62.0.16 API setphppreference Code Execution
55| [139480] cPanel up to 62.0.16 URL Filter privilege escalation
56| [139479] cPanel up to 62.0.16 Domain privilege escalation
57| [139477] cPanel up to 62.0.16 WHM Zone Template Editor privilege escalation
58| [139476] cPanel up to 62.0.16 IP Protection Bypass privilege escalation
59| [139475] cPanel up to 60.0.24 reassign_post_terminate_cruft privilege escalation
60| [139474] cPanel up to 60.0.24 tail_ea4_migration.cgi cross site scripting
61| [139473] cPanel up to 60.0.24 Message Format String
62| [139471] cPanel up to 60.0.24 ModSecurity Audit Logfile privilege escalation
63| [139470] cPanel up to 60.0.24 RoundCube Update privilege escalation
64| [139469] cPanel up to 60.0.24 FormMail-clone.cgi Open Redirect
65| [139468] cPanel up to 60.0.24 MySQL Upgrade File privilege escalation
66| [139467] cPanel up to 60.0.24 WHM Repair Mailbox Permissions Interface Stored cross site scripting
67| [139361] cPanel up to 62.0.16 Security Policy privilege escalation
68| [139356] cPanel up to 62.0.16 WHM cPAddons showsecurity Interface cross site scripting
69| [139355] cPanel up to 62.0.16 Addon Domain Conversion privilege escalation
70| [139354] cPanel up to 62.0.23 WHM cPAddons Install Interface Stored cross site scripting
71| [139353] cPanel up to 64.0.20 Account Rename privilege escalation
72| [139351] cPanel up to 64.0.20 crontab Timing information disclosure
73| [139350] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
74| [139349] cPanel up to 64.0.20 convert_roundcube_mysql2sqlite privilege escalation
75| [139348] cPanel up to 64.0.20 Serverinfo_manpage API API Call directory traversal
76| [139347] cPanel up to 64.0.20 ClamScanner_getsocket API Code Execution
77| [139346] cPanel up to 64.0.20 SourceIPCheck API directory traversal
78| [139345] cPanel up to 64.0.20 SSL API API Call privilege escalation
79| [139344] cPanel up to 64.0.20 SSH API Command privilege escalation
80| [139343] cPanel up to 64.0.20 SSH Port Forwarding privilege escalation
81| [139342] cPanel up to 64.0.20 API Cpanel::SPFUI privilege escalation
82| [139341] cPanel up to 64.0.20 Demo Account Open Redirect
83| [139340] cPanel up to 64.0.20 traceroute privilege escalation
84| [139339] cPanel up to 64.0.20 ImageManager API Call Code Execution
85| [139338] cPanel up to 64.0.20 Encoding API Call Code Execution
86| [139336] cPanel up to 64.0.20 API Call Fileman::getfileactions directory traversal
87| [139335] cPanel up to 64.0.20 BoxTrapper API Code Execution
88| [139333] cPanel up to 64.0.20 Filter API API Call Code Execution
89| [139331] cPanel up to 66.0.0 Suspend privilege escalation
90| [139326] cPanel up to 66.0.1 Log File information disclosure
91| [139320] cPanel up to 66.0.1 WHM cPAddons Processing Stored cross site scripting
92| [139319] cPanel up to 66.0.1 WHM cPAddons Uninstallation Stored cross site scripting
93| [139318] cPanel up to 66.0.1 WHM cPAddons file Operation Stored cross site scripting
94| [139317] cPanel up to 66.0.1 WHM cPAddons Installation Stored cross site scripting
95| [139316] cPanel up to 67.9999.102 Roundcube SQLite Schema Update directory traversal
96| [139314] cPanel up to 67.9999.102 redirect.html Open Redirect
97| [139311] cPanel up to 67.9999.102 Addon Domain Conversion privilege escalation
98| [139310] cPanel up to 67.9999.102 Backup Archive information disclosure
99| [139309] cPanel up to 67.9999.102 Backup Interface Archive information disclosure
100| [139308] cPanel up to 67.9999.102 WHM MySQL Password Change Interfaces Stored cross site scripting
101| [139307] cPanel up to 67.9999.102 Support-Agreement Download weak authentication
102| [139306] cPanel up to 67.9999.102 eximstats sql injection
103| [139304] cPanel up to 68.0.14 Domain denial of service
104| [139303] cPanel up to 68.0.14 Mailman Archive Code Execution
105| [139302] cPanel up to 68.0.14 cpaddons Stored cross site scripting
106| [139301] cPanel up to 68.0.14 Username unknown vulnerability
107| [139299] cPanel up to 68.0.14 sqloptimizer information disclosure
108| [139298] cPanel up to 68.0.14 Hostname privilege escalation
109| [139295] cPanel up to 68.0.14 SSL Username privilege escalation
110| [139294] cPanel up to 68.0.14 Username privilege escalation
111| [139293] cPanel up to 68.0.14 Email Username privilege escalation
112| [139292] cPanel up to 68.0.14 PostgreSQL Database Collision privilege escalation
113| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
114| [139287] cPanel up to 68.0.14 Reseller Style Upload Code Execution
115| [139286] cPanel up to 68.0.14 PostgresAdmin Code Execution
116| [139282] cPanel up to 68.0.14 DNS Zone SOA Record privilege escalation
117| [139260] cPanel up to 68.0.26 WHM listips Interface cross site scripting
118| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
119| [139258] cPanel up to 68.0.26 WHM Spamd Startup Config cross site scripting
120| [139257] cPanel up to 68.0.26 WHM Account Transfer Stored cross site scripting
121| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
122| [139255] cPanel up to 68.0.26 Backup cross site scripting
123| [139252] cPanel up to 68.0.26 bin/csvprocess privilege escalation
124| [139245] cPanel up to 68.0.26 WHM API API Call privilege escalation
125| [139244] cPanel up to 68.0.26 Rename User Name information disclosure
126| [139242] cPanel up to 70.0.22 WHM Reset a DNS Zone Stored cross site scripting
127| [139241] cPanel up to 70.0.22 Account Suspension privilege escalation
128| [139240] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
129| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
130| [139238] cPanel up to 70.0.22 Landing Page Code Execution
131| [139237] cPanel up to 70.0.22 Htaccess Optimization Bypass privilege escalation
132| [139236] cPanel up to 70.0.22 redirect.html Open Redirect
133| [139235] cPanel up to 70.0.22 cpaddons Vendor Interface Stored cross site scripting
134| [139231] cPanel up to 70.0.22 WHM Style Upload privilege escalation
135| [139230] cPanel up to 70.0.22 WHM Synchronize DNS Record Stored cross site scripting
136| [139229] cPanel up to 70.0.22 WHM DNS Cleanup Stored cross site scripting
137| [139228] cPanel up to 70.0.22 WHM Delete a DNS Zone Stored cross site scripting
138| [139227] cPanel up to 70.0.22 HM Edit DNS Zone Stored cross site scripting
139| [139226] cPanel up to 70.0.22 WHM Create Account Stored cross site scripting
140| [139225] cPanel up to 70.0.22 WHM DNS Cluster Stored cross site scripting
141| [139223] cPanel up to 70.0.22 WHM Edit MX Entry Stored cross site scripting
142| [139222] cPanel up to 70.0.22 WHM Edit DNS Zone Stored cross site scripting
143| [139221] cPanel up to 70.0.22 OpenID Injection privilege escalation
144| [139220] cPanel up to 70.0.22 trustclustermaster.cgi information disclosure
145| [139219] cPanel up to 70.0.22 awstats Code Execution
146| [139218] cPanel up to 70.0.22 cpaddonsup Code Execution
147| [139217] cPanel up to 70.0.22 WHM cPAddons showsecurity Interface cross site scripting
148| [139214] cPanel up to 71.9980.36 API Mime::list_hotlinks privilege escalation
149| [139213] cPanel up to 71.9980.36 Image Feature API Call privilege escalation
150| [139212] cPanel up to 71.9980.36 Backup API Call privilege escalation
151| [139211] cPanel up to 71.9980.36 cron API Call privilege escalation
152| [139210] cPanel up to 71.9980.36 WHM Backup Configuration Interface cross site scripting
153| [139208] cPanel up to 71.9980.36 WHM Save Theme Interface Stored cross site scripting
154| [139207] cPanel up to 71.9980.36 YUM Autorepair Stored cross site scripting
155| [139206] cPanel up to 71.9980.36 WHM cPAddons Installation Interface Stored cross site scripting
156| [139205] cPanel up to 71.9980.36 cPAddons Moderation Injection privilege escalation
157| [139202] cPanel up to 71.9980.36 API Token ACL unknown vulnerability
158| [139199] cPanel up to 73.x CAA Record privilege escalation
159| [139197] cPanel up to 73.x Record privilege escalation
160| [139194] cPanel up to 73.x Database Backup sql injection
161| [139190] cPanel up to 11.53.x WHM API Zone privilege escalation
162| [139189] cPanel up to 11.53.x Webmail API Password Reset privilege escalation
163| [139188] cPanel up to 11.53.x DNS NS Entry Code Execution
164| [139187] cPanel up to 11.53.x Email Sending privilege escalation
165| [139186] cPanel up to 11.53.x Comet Feed information disclosure
166| [139185] cPanel up to 11.54.0.3 cpsrvd Code Execution
167| [139184] cPanel up to 11.54.0.3 X3 Entropy Banner Interface cross site scripting
168| [139183] cPanel up to 11.54.0.3 WHM Feature Manager interface Stored cross site scripting
169| [139182] cPanel up to 11.54.0.3 AppConfig Subsystem ACL privilege escalation
170| [139181] cPanel up to 11.54.0.3 WHM PHP Configuration Editor Interface cross site scripting
171| [139180] cPanel up to 11.54.0.3 synccpaddonswithsqlhost Code Execution
172| [139179] cPanel up to 11.54.0.3 scripts/secureit privilege escalation
173| [139178] cPanel up to 11.54.0.3 scripts/quotacheck directory traversal
174| [139177] cPanel up to 11.54.0.3 scripts/fixmailboxpath directory traversal
175| [139176] cPanel up to 11.54.0.3 Roundcube Database Conversion privilege escalation
176| [139175] cPanel up to 11.54.0.3 check_system_storable directory traversal
177| [139174] cPanel up to 11.54.0.3 chcpass Password information disclosure
178| [139173] cPanel up to 11.54.0.3 JSON-API Code Execution
179| [139172] cPanel up to 11.54.0.3 setup_global_spam_filter.pl directory traversal
180| [139171] cPanel up to 11.54.0.3 bin/mkvhostspasswd information disclosure
181| [139170] cPanel up to 11.54.0.3 Duplication Code Execution
182| [139169] cPanel up to 11.54.0.3 horde_update_usernames sql injection
183| [139168] cPanel up to 11.54.0.3 bin/fmq directory traversal
184| [139167] cPanel up to 11.54.0.3 @INC Path Code Execution
185| [139166] cPanel up to 55.9999.140 Authentication directory traversal
186| [139165] cPanel up to 55.9999.140 cPHulkd privilege escalation
187| [139164] cPanel up to 55.9999.140 FTP Lockout privilege escalation
188| [139163] cPanel up to 55.9999.140 cPHulkd privilege escalation
189| [139162] cPanel up to 55.9999.140 FTP cPHulk privilege escalation
190| [139161] cPanel up to 55.9999.140 Two-factor Authentication weak authentication
191| [139160] cPanel up to 55.9999.140 ACL Bypass privilege escalation
192| [139158] cPanel up to 55.9999.140 @INC Path Code Execution
193| [139157] cPanel up to 55.9999.140 WHM Edit System Mail Preferences Stored cross site scripting
194| [139156] cPanel up to 55.9999.140 Two Factor Authentication DNS Clustering Request Bypass weak authentication
195| [139155] cPanel up to 55.9999.140 Security Policy Bypass privilege escalation
196| [139154] cPanel up to 55.9999.140 DNS NS Entry Code Execution
197| [139153] cPanel up to 55.9999.140 Maketext Code Execution
198| [139152] cPanel up to 55.9999.140 X3 Reseller Branding Image cross site scripting
199| [139151] cPanel up to 55.9999.140 Scripts/addpop information disclosure
200| [139150] cPanel up to 55.9999.140 Daemons privilege escalation
201| [139149] cPanel up to 57.9999.53 cpanellogd information disclosure
202| [139148] cPanel up to 57.9999.53 File Permission Log privilege escalation
203| [139147] cPanel up to 57.9999.53 ModSecurity TailWatch Log File sql injection
204| [139146] cPanel up to 57.9999.53 WebMail Code Execution
205| [139145] cPanel up to 57.9999.53 WebMail directory traversal
206| [139144] cPanel up to 57.9999.53 Demo Mode show_template.stor privilege escalation
207| [139143] cPanel up to 57.9999.53 FTP Account cross site scripting
208| [139142] cPanel up to 11.52.0.12 get_information_for_applications directory traversal
209| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
210| [139129] cPanel up to 73.x WHM File Restoration Interface Stored cross site scripting
211| [139128] cPanel up to 74.0.7 Account Suspension privilege escalation
212| [139126] cPanel up to 74.0.7 Security Questions Login Page Stored cross site scripting
213| [139124] cPanel up to 74.0.7 Demo Account Fileman::viewfile Code Execution
214| [139123] cPanel up to 74.0.7 File and Directory Restoration Stored cross site scripting
215| [139122] cPanel up to 74.0.7 WHM Style Upload Interface cross site scripting
216| [139121] cPanel up to 74.0.7 Site Software Moderation Interface cross site scripting
217| [139120] cPanel up to 74.0.7 WHM Security Questions Interface cross site scripting
218| [139119] cPanel up to 74.0.7 Create a New Account cross site scripting
219| [139021] cPanel up to 78.0.1 Connection Reset File privilege escalation
220| [139019] cPanel up to 78.0.1 DCV API privilege escalation
221| [139016] cPanel up to 78.0.1 Demo Account privilege escalation
222| [139015] cPanel up to 78.0.1 OpenID information disclosure
223| [139014] cPanel up to 78.0.17 BoxTrapper Queue Listing Stored cross site scripting
224| [139013] cPanel up to 78.0.17 securitypolicy.cg Code Execution
225| [139011] cPanel up to 78.0.17 Mail Relay Spam privilege escalation
226| [139009] cPanel up to 78.0.17 API Code Execution
227| [139006] cPanel up to 80.0.4 ajax_maketext_syntax_util.pl Code Execution
228| [139005] cPanel up to 80.0.4 API privilege escalation
229| [139000] cPanel up to 80.0.21 Demo Account Code Execution
230| [138998] cPanel up to 82.0.1 Modify Account Interface Stored cross site scripting
231| [138996] cPanel up to 82.0.1 Exim Log Parser privilege escalation
232| [138995] cPanel up to 82.0.1 Webmail Master Template cross site scripting
233| [138994] cPanel up to 82.0.1 WHM Tomcat Manager Interface Stored cross site scripting
234| [138974] cPanel up to 76.0.7 MultiPHP Manager Interface Stored cross site scripting
235| [138973] cPanel up to 76.0.7 Connection Open Redirect
236| [138972] cPanel up to 76.0.7 DNS Zone Stored cross site scripting
237| [138971] cPanel up to 76.0.7 Backup cross site scripting
238| [138970] cPanel up to 76.0.7 Virtual FTP Server privilege escalation
239| [138969] cPanel up to 76.0.7 Attachment Code Execution
240| [123444] cPanel up to 74 HTML Rendering index.html cross site scripting
241| [114155] Afian FileRun ?module=users§ion=cpanel&page=list Parameter sql injection
242| [103771] cPanel up to 66.0.1 WHM Upload Locale Interface Filename cross site scripting
243| [95199] cPanel entropysearch.cgi information disclosure
244| [95198] cPanel entropysearch.cgi information disclosure
245| [75240] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
246| [75239] GoAutoDial GoAdmin CE up to 3.3 cPanel go_site.php privilege escalation
247| [13380] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Interfaces cross site scripting
248| [13379] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Locales ACL privilege escalation
249| [13378] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Mailman List Password change_pw weak encryption
250| [13377] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Configure Customer Contact privilege escalation
251| [13376] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering ACL privilege escalation
252| [13375] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 DNS Clustering Commands privilege escalation
253| [13370] cPanel 11.40.1.13/11.42.1.15 Database ADDDBPRIVS Command privilege escalation
254| [13369] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Boxtrapper cgi-sys Script bxd.cgi denial of service
255| [13368] cPanel 11.40.1.13/11.42.1.15 Transfer CGI Scripts privilege escalation
256| [13367] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call serviceinfo privilege escalation
257| [13366] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 Thirdparty Service Call /scripts2/showservice privilege escalation
258| [13365] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 SSH Key Password privilege escalation
259| [13363] cPanel 11.40.1.13/11.42.1.15/11.43.0.11 cgiemail 1.6 privilege escalation
260| [13361] cPanel up to 11.43.0.11/11.42.1.15/11.40.1.13 unknown vulnerability
261| [12816] cPanel 11.38.2/11.40.1/11.42.0 Modify Account Interface privilege escalation
262| [12814] cPanel 11.38.2/11.40.1/11.42.0 URL cross site scripting
263| [12813] cPanel 11.38.2/11.40.1/11.42.0 Password Reset privilege escalation
264| [12809] cPanel 11.38.2/11.40.1/11.42.0 Form Mailer Header FormMail.pl privilege escalation
265| [12808] cPanel 11.38.2/11.40.1/11.42.0 XML-API batch memory corruption
266| [12807] cPanel 11.38.2/11.40.1/11.42.0 wwwacct Interface /scripts5/wwwacct privilege escalation
267| [12806] cPanel 11.38.2/11.40.1/11.42.0 objcache Storage System Template Toolkit memory corruption
268| [12805] cPanel 11.38.2/11.40.1/11.42.0 XML information disclosure
269| [12798] cPanel 11.38.2/11.40.1/11.42.0 /cgi/cpaddons_report.pl cross site scripting
270| [12797] cPanel 11.38.2/11.40.1/11.42.0 DNS Zone Editor information disclosure
271| [12796] cPanel WHM 11.38.2/11.40.1/11.42.0 /cgi/sshcheck.cgi cross site scripting
272| [12795] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/installfp cross site scripting
273| [12794] cPanel WHM 11.38.2/11.40.1/11.42.0 /scripts/uninstallfp cross site scripting
274| [12793] cPanel 11.38.2/11.40.1/11.42.0 entropysearch.cgi cross site scripting
275| [12792] cPanel 11.38.2/11.40.1/11.42.0 activate_remote_nameservers.cgi maketext privilege escalation
276| [12285] cPanel 11.38.2/11.40.1/11.42.0 filelist-thumbs.html cross site scripting
277| [12284] cPanel 11.38.2/11.40.1/11.42.0 editit.html cross site scripting
278| [12283] cPanel 11.38.2/11.40.1/11.42.0 def.html cross site scripting
279| [12282] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 DNS Cluster privilege escalation
280| [12281] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 New Account wwwacctform locale/cpmod Parameter privilege escalation
281| [12280] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/cpaddons_feature.pl cross site scripting
282| [12279] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Account Creation Ruby Code privilege escalation
283| [12278] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Backup Restore privilege escalation
284| [12277] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API Bypass privilege escalation
285| [12276] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 /cgi/zoneeditor.cgi Newline privilege escalation
286| [12275] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 WHM Interface /scripts/park directory traversal
287| [12274] cPanel 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 XML API get_remote_access_hash information disclosure
288| [12273] cPanel 11.36.2.9/11.38.2.12 Account Creation directory traversal
289| [12220] cPanel 11.36.2.10/11.38.2.13/11.40.0.29/11.40.1.3 WHM XML/JSON API getpkginfo information disclosure
290| [11601] cPanel WHM 11.36.2.11/11.38.2.14/11.40.0.30/11.40.1.6 XML/JSON getpkginfo information disclosure
291| [11625] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Login Security Token information disclosure
292| [11624] cPanel WHM 11.38.2.12 Branding Subsystem privilege escalation
293| [11621] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cPAddons Upgrade Password information disclosure
294| [11620] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Edit DNS Zone Interface Entry information disclosure
295| [11619] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 SSH Authentication User Name privilege escalation
296| [11618] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 X3 Theme countedit.cgi directory traversal
297| [11616] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cpsrvd HTTP Request Bypass privilege escalation
298| [11613] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Bandmin Reflected cross site scripting
299| [11612] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 API Call UI::dynamicincludelist directory traversal
300| [11609] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Config cross site request forgery
301| [11608] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 Translatable Phrase Locale::Maketext privilege escalation
302| [11607] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 CSRF Protection Token Bypass cross site request forgery
303| [11606] cPanel WHM 11.36.2.9/11.38.2.12/11.40.0.28/11.40.1.2 cross site scripting
304| [11604] cPanel WHM 11.36.2.9 Virtualhost Installation privilege escalation
305| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
306| [11017] cPanel WHM up to 11.40.0.11 SSL Certificate denial of service
307| [11016] cPanel WHM up to 11.40.0.11 Configure Customer Contact Interface Bypass privilege escalation
308| [11015] cPanel WHM up to 11.40.0.11 Bypass cross site scripting
309| [11014] cPanel WHM up to 11.40.0.11 File Upload Bypass privilege escalation
310| [11013] cPanel WHM up to 11.40.0.11 POST Request privilege escalation
311| [11011] cPanel WHM up to 11.40.0.11 Cpanel::LogMeIn weak authentication
312| [11010] cPanel WHM up to 11.40.0.11 logaholic_lang Cookie privilege escalation
313| [11007] cPanel WHM up to 11.40.0.11 Manage SSL Hosts Interface cross site request forgery
314| [9921] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 SSL Certificate privilege escalation
315| [9920] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
316| [9919] cPanel WHM 11.34.1.24/11.36.1.14/11.38.1.12/11.39.0.4 Web Host Manager WHM privilege escalation
317| [10129] cPanel WHM up to 11.38.0.14 cross site scripting
318| [10126] cPanel WHM up to 11.38.0.14 weak authentication
319| [9361] cPanel WHM up to 11.38.0.14 Web Host Manager privilege escalation
320| [9352] cPanel WHM up to 11.38.0.8 Restore Full Backup Symlink unknown vulnerability
321| [9348] cPanel WHM up to 11.36.1.5 scripts2/ssh_doaddkey unknown vulnerability
322| [10123] cPanel WHM up to 11.36.0.9 Access Control privilege escalation
323| [10122] cPanel WHM up to 11.36.0.9 countedit.cgi cross site scripting
324| [91109] cPanel WHM v11.24.7.x cross site scripting
325| [52940] cPanel up to 11.24.7 cross site scripting
326| [86883] cPanel fileop.html cross site scripting
327| [48827] cPanel up to 11.23.1 Current index.php directory traversal
328| [48812] cPanel directory traversal
329| [49331] cPanel autoinstall4imagesgalleryupgrade.php cross site scripting
330| [42542] cPanel 11.8.6/11.23.1 memory corruption
331| [42303] cPanel up to 11.22.2 WHM Interface cross site request forgery
332| [42302] cPanel up to 11.22.2 WHM Interface cross site scripting
333| [42219] cPanel 11.18.3/11.19.3 cross site request forgery
334| [41689] cPanel 11.18.3/11.21 cross site scripting
335| [49762] cPanel 11.18.3 index.html directory traversal
336| [40642] cPanel 11.16 dohtaccess.html cross site scripting
337| [38023] cPanel 10.9.1 changepro.html cross site scripting
338| [37433] cPanel 10.9.0 Build 10300/11.4.19 Error Message information disclosure
339| [37432] cPanel 10.9.0 Build 10300/11.4.19 CGI Wrapper cross site scripting
340| [35618] cPanel 10.x directory traversal
341| [34925] cPanel WebHost Manager memory corruption
342| [34986] cPanel WebHost Manager up to 11.0.0 cross site scripting
343| [85585] cPanel scripts2/objcache memory corruption
344| [85156] cPanel WebHost Manager scripts2/objcache privilege escalation
345| [30642] cPanel privilege escalation
346| [33838] cPanel WebHost Manager 3.1.0 cross site scripting
347| [33814] cPanel 11 cross site scripting
348| [33536] cPanel WebHost Manager 3.1.0 cross site scripting
349| [84843] cPanel newuser.html cross site scripting
350| [33243] cPanel 10 seldir.html cross site scripting
351| [32973] cPanel 10.9.0 R50 cross site scripting
352|
353| MITRE CVE - https://cve.mitre.org:
354| [CVE-2009-4823] Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
355| [CVE-2009-3316] SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.
356| [CVE-2009-2275] Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter.
357| [CVE-2009-2168] cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a redirect to the web browser but does not exit when the supplied credentials are incorrect, which allows remote attackers to bypass authentication by providing arbitrary username and password parameters.
358| [CVE-2009-2167] Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
359| [CVE-2008-7142] Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter.
360| [CVE-2008-6927] Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action.
361| [CVE-2008-6926] Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory.
362| [CVE-2008-6843] Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter.
363| [CVE-2008-4181] Directory traversal vulnerability in includes/xml.php in the Netenberg Fantastico De Luxe module before 2.10.4 r19 for cPanel, when cPanel PHP Register Globals is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) or absolute pathname in the fantasticopath parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
364| [CVE-2008-2478] ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel."
365| [CVE-2008-2071] Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
366| [CVE-2008-2070] The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors.
367| [CVE-2008-2043] Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html.
368| [CVE-2008-1499] Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
369| [CVE-2008-0370] Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information.
370| [CVE-2007-4022] Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter.
371| [CVE-2007-3367] Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown
372| [CVE-2007-3366] Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown
373| [CVE-2007-1455] Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
374| [CVE-2007-0890] Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter.
375| [CVE-2007-0854] Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents.
376| [CVE-2006-6566] PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
377| [CVE-2006-6548] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198.
378| [CVE-2006-6523] Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter.
379| [CVE-2006-6198] Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
380| [CVE-2006-5883] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.
381| [CVE-2006-5535] Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
382| [CVE-2006-5014] Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
383| [CVE-2006-4293] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.
384| [CVE-2006-3337] Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
385| [CVE-2006-2825] cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive.
386| [CVE-2006-1119] fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.
387| [CVE-2006-0763] Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via a URL encoded value in the fwd parameter.
388| [CVE-2006-0574] Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.
389| [CVE-2006-0573] Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html
390| [CVE-2006-0533] Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
391| [CVE-2005-3505] Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as <b>, which are processed by Internet Explorer.
392| [CVE-2005-2021] Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
393| [CVE-2004-2398] Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
394| [CVE-2004-2308] Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
395| [CVE-2004-1875] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
396| [CVE-2004-1849] Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
397| [CVE-2004-1770] The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
398| [CVE-2004-1769] The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
399| [CVE-2004-1604] cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
400| [CVE-2004-1603] cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
401| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
402| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
403| [CVE-2003-1426] Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
404| [CVE-2003-1425] guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
405| [CVE-2003-0521] Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
406|
407| SecurityFocus - https://www.securityfocus.com/bid/:
408| [95395] cPanel Multiple Security Vulnerabilities
409| [90463] cPanel CVE-2004-1604 Remote Security Vulnerability
410| [85002] cPanel CVE-2008-2043 Cross-Site Request Forgery Vulnerability
411| [84099] cPanel CVE-2006-0573 Cross-Site Scripting Vulnerability
412| [84076] cPanel CVE-2006-0533 Cross-Site Scripting Vulnerability
413| [84074] cPanel CVE-2006-0574 Cross-Site Scripting Vulnerability
414| [84064] cPanel CVE-2006-0763 Cross-Site Scripting Vulnerability
415| [82752] cPanel CVE-2003-0521 Cross-Site Scripting Vulnerability
416| [80161] cPanel CVE-2006-2825 Remote Security Vulnerability
417| [67611] cPanel Multiple Unspecified Security Vulnerabilities
418| [66561] cPanel Multiple Security Vulnerabilities
419| [65618] cPanel Horde Backup Archive Insecure File Permissions Vulnerability
420| [65464] cPanel Multiple Security Vulnerabilities
421| [65159] Cpanel CloudFlare Plugin Local Security Bypass Vulnerability
422| [64511] cPanel WHM XML and JSON APIs Multiple Arbitrary File Disclosure Vulnerabilities
423| [64472] cPanel Multiple Security Vulnerabilities
424| [64016] cPanel Varnish Plugin Multiple Security Vulnerabilities
425| [63831] Add-On Domain to Main Account Convertor cPanel WHM Plugin Arbitrary Command Execution Vulnerability
426| [63829] Add-On Domain to Main Account Convertor cPanel WHM Plugin Local Privilege Escalation Vulnerability
427| [63371] cPanel Multiple Security Vulnerabilities
428| [63220] CloudFlare Plugin For cPanel Arbitrary File Write Local Privilege Escalation Vulnerability
429| [62140] cPanel Multiple Security Vulnerabilities
430| [61812] cPanel Multiple Remote Security Vulnerabilities
431| [61018] cPanel 'cpanellogd' Multiple Remote Privilege Escalation Vulnerabilities
432| [60672] WHMXtra Cpanel Xtra Plugin Unspecified Local Security Bypass Vulnerability
433| [60663] cPanel Varnish Plugin Remote Privilege Escalation Vulnerability
434| [57064] cPanel 'dir' Parameter Cross Site Scripting Vulnerability
435| [57060] cPanel and WHM Multiple Cross Site Scripting Vulnerabilities
436| [57045] cPanel 'account' Parameter Cross Site Scripting Vulnerability
437| [56818] cPanel Multiple Unspecified Vulnerabilities
438| [53757] cPanel Multiple Unspecified Vulnerabilities
439| [47621] cPanel X3 File Manager Module Cross-Site Scripting Vulnerability
440| [41723] cPanel Unspecified Cross Site Scripting Vulnerability
441| [41391] cPanel Cross-Site Request Forgery Vulnerability
442| [40622] cPanel Image Manager 'target' Parameter Local File Include Vulnerability
443| [37902] cPanel and WHM 'failurl' Parameter HTTP Response Splitting Vulnerability
444| [37394] cPanel 'fileop' Parameter Multiple Cross Site Scripting Vulnerabilities
445| [35518] cPanel 'lastvisit.html' Arbitrary File Disclosure Vulnerability
446| [34142] cPanel Legacy File Manager File Name HTML Injection Vulnerability
447| [33840] cPanel HTML Injection and Cross-Site Scripting Vulnerabilities
448| [29277] cPanel 'wwwact' Remote Privilege Escalation Vulnerability
449| [29125] cPanel Multiple Cross-Site Scripting Vulnerabilities
450| [28403] cPanel 'manpage.html' Cross-Site Scripting Vulnerability
451| [28300] cPanel List Directories and Folders Information Disclosure Vulnerability
452| [27308] cPanel 'dohtaccess.html' Cross-Site Scripting Vulnerability
453| [25047] CPanel Resname Parameter Cross-Site Scripting Vulnerability
454| [24586] CPanel SCGIwrap Path Disclosure And Cross-Site Scripting Vulnerabilities
455| [22915] cPanel Multiple Local File Include Vulnerabilities
456| [22474] CPanel PassWDMySQL Cross-Site Scripting Vulnerability
457| [22455] Cpanel Web Hosting Manager OBJCache.PHP Remote File Include Vulnerability
458| [21497] CPanel BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
459| [21387] CPanel Multiple HTML Injection Vulnerabilities
460| [21287] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
461| [21142] CPanel DNSlook.HTML Cross-Site Scripting Vulnerability
462| [21027] CPanel User and Dir Parameters Multiple Cross-Site Scripting Vulnerabilities
463| [20683] CPanel Multiple Cross-Site Scripting Vulnerabilities
464| [20163] CPanel SUID Wrapper Remote Privilege Escalation Vulnerability
465| [19624] CPanel Multiple Cross-Site Scripting Vulnerabilities
466| [18671] cPanel OnMouseover Cross-Site Scripting Vulnerability
467| [18655] Cpanel Select.HTML Cross-Site Scripting Vulnerability
468| [16482] cPanel Multiple Cross-Site Scripting Vulnerabilities
469| [15327] cPanel Chat Message Field HTML Injection Vulnerability
470| [13996] cPanel User Parameter Cross-Site Scripting Vulnerability
471| [11456] cPanel Front Page Extension Installation Information Disclosure Vulnerability
472| [11455] cPanel Front Page Extension Installation File Ownership Vulnerability
473| [11449] cPanel Remote Backup Information Disclosure Vulnerability
474| [10505] cPanel Passwd Remote SQL Injection Vulnerability
475| [10479] Multiple CPanel Perl Script Failure To Implement Taint Mode Weakness
476| [10468] cPanel Killacct Script Customer Account DNS Information Deletion Vulnerability
477| [10407] cPanel Local Privilege Escalation Vulnerability
478| [10002] cPanel Multiple Module Cross-Site Scripting Vulnerabilities
479| [9965] CPanel Multiple Cross-Site Scripting Vulnerabilities
480| [9855] cPanel Login Script Remote Command Execution Vulnerability
481| [9853] cPanel dir Parameter Cross-Site Scripting Vulnerability
482| [9848] cPanel Resetpass Remote Command Execution Vulnerability
483| [8119] CPanel Admin Interface HTML Injection Vulnerability
484| [7758] cPanel/Formail-Clone E-Mail Restriction Bypass Vulnerability
485| [6885] cPanel Openwebmail Local Privileges Escalation Vulnerability
486| [6882] cPanel Guestbook.cgi Remote Command Execution Vulnerability
487|
488| IBM X-Force - https://exchange.xforce.ibmcloud.com:
489| [85491] cPanel cpanellogd multiple privilege escalation
490| [85114] Cpanel Xtra plugin for WHMXtra unspecified security bypass
491| [80880] cPanel dir.html dir parameter cross-site scripting
492| [80854] cPanel and WHM clientconf.html and detailbw.html cross-site scripting
493| [80822] cPanel manage.html cross-site scripting
494| [80514] cPanel multiple unspecified vulns
495| [79604] cPanel Pro multiple cross-site request forgery
496| [76017] cPanel multiple unspecified
497| [71957] Whois.Cart Billing cpanel_2_log.htm information disclosure
498| [67678] cPanel savefile.html cross-site request forgery
499| [67175] cPanel X3 File Manager index.html cross-site scripting
500| [63399] cPanel saveemail.html cross-site request forgery
501| [61515] cPanel autoinstallhome.php security bypass
502| [60429] cPanel unspecified cross-site scripting
503| [60035] cPanel doaddftp.html cross-site request forgery
504| [59275] Jreservation Component for Joomla! Property-Cpanel.html cross-site scripting
505| [59274] Jreservation Component for Joomla! Property-Cpanel.html SQL Injection
506| [59216] cPanel Image Manager target parameter file include
507| [56437] cPanel addb.html cross-site request forgery
508| [55814] cPanel failurl HTTP response splitting
509| [55211] Whois.Cart cpanel_1_log.htm infomation disclosure
510| [51426] cPanel lastvisit.html directory traversal
511| [51412] Whois.Cart cpanel_1_log.htm information disclosure
512| [51366] EgyPlus 7ml cpanel/login.php authentication bypass
513| [49293] cPanel file manager cross-site scripting
514| [48832] cPanel WHM interface cross-site request forgery
515| [48831] cPanel scripts2/confdkillproc cross-site scripting
516| [48830] cPanel .contactemail file cross-site scripting
517| [46991] cPanel index.php directory traversal
518| [46253] cPanel autoinstall4imagesgalleryupgrade.php cross-site scripting
519| [46252] cPanel autoinstall4imagesgalleryupgrade.php file include
520| [45147] Fantastico De Luxe module for cPanel xml.php file include
521| [42529] cPanel wwwact privilege escalation
522| [42306] cPanel WHM interface cross-site request forgery
523| [42305] cPanel WHM interface cross-site scripting
524| [42114] cPanel HTTP requests cross-site request forgery
525| [41374] cPanel manpage.html cross-site scripting
526| [41266] cPanel index.php showtree parameter information disclosure
527| [39711] cPanel Hosting Manager dohtaccess.html cross-site scripting
528| [35652] cPanel changepro.html cross-site scripting
529| [35009] cPanel scgiwrap (Simple CGI Wrapper) path disclosure
530| [35008] cPanel scgiwrap (Simple CGI Wrapper) cross-site scripting
531| [32933] cPanel load_language.php and mysqlconfig.php file include
532| [32462] cPanel passwdmysql cross-site scripting
533| [32400] cPanel and WebHost Manager (WHM) Module scripts2/objcache cross-site scripting
534| [30821] mxBB Cpanel Profile Module profilcp_constants.php file include
535| [30793] cPanel pops.html cross-site scripting
536| [30788] cPanel BoxTrapper manage.html cross-site scripting
537| [30493] cPanel multiple scripts cross-site scripting
538| [30413] cPanel Network Tools dnslook.html cross-site scripting
539| [30229] cPanel user parameter cross-site scripting
540| [29808] cPanel theme parameter cross-site scripting
541| [29249] cPanel unspecified privilege escalation
542| [28447] cPanel dohtaccess.html, editit.html and showfile.html cross-site scripting
543| [27403] cPanel files/select.html cross-site scripting
544| [26613] cPanel OpenBaseDir phpshell.php security bypass
545| [25277] cPanel fantastico path disclosure
546| [24839] cPanel dowebmailforward.cgi cross-site scripting
547| [24580] cPanel admin username disclosure
548| [24468] cPanel multiple scripts allow cross-site scripting
549| [22993] cPanel Entropy Chat script can allow cross-site scripting
550| [21781] cPanel administrator password allows domain access
551| [21084] cPanel cpsrvd.pl cross-site scripting
552| [17837] cPanel allows attacker to brute force account passwords
553| [17781] cPanel _private modify permissions
554| [17780] cPanel .htaccess modify ownership of files
555| [17779] cPanel backup could allow an attacker to view files
556| [16410] cPanel passwd allows password modification
557| [16381] cPanel taint weak security
558| [16347] cPanel suEXEC allows command execution
559| [16325] cPanel killacct account deletion
560| [16239] cPanel mod_phpsuexec allows command execution
561| [16197] cPanel Fantastico information disclosure
562| [15671] cPanel multiple scripts cross-site scripting
563| [15517] cPanel dodelautores.html or addhandle.html cross-site scripting
564| [15486] cPanel login scripts allows command execution
565| [15485] cPanel dir parameter allows cross-site scripting
566| [15443] cPanel resetpass section allows execution of commands
567| [12508] cPanel Error Log and Latest Visitors page cross-site scripting
568| [12237] cPanel Formail-clone domain name bypass allows email relaying
569| [11357] cPanel SCRIPT_FILENAME privilege elevation
570| [11356] cPanel guestbook.cgi command execution
571|
572| Exploit-DB - https://www.exploit-db.com:
573| [30380] CPanel 10.9.1 Resname Parameter Cross-Site Scripting Vulnerability
574| [29572] CPanel <= 11 PassWDMySQL Cross-Site Scripting Vulnerability
575| [29238] cPanel Web Hosting Manager 3.1 - Multiple Cross-Site Scripting Vulnerabilities
576| [29237] CPanel 11 BoxTrapper Manage.HTML Cross-Site Scripting Vulnerability
577| [29188] cPanel WebHost Manager 3.1 park ndomain Parameter XSS
578| [29187] cPanel WebHost Manager 3.1 dofeaturemanager feature Parameter XSS
579| [29186] cPanel WebHost Manager 3.1 editzone domain Parameter XSS
580| [29185] cPanel WebHost Manager 3.1 domts2 domain Parameter XSS
581| [29184] cPanel WebHost Manager 3.1 editpkg pkg Parameter XSS
582| [29183] cPanel WebHost Manager 3.1 addon_configsupport.cgi supporturl Parameter XSS
583| [29182] cPanel WebHost Manager 3.1 dochangeemail email Parameter XSS
584| [29181] CPanel 11 Beta Multiple Cross-Site Scripting Vulnerabilities
585| [29071] CPanel 10 DNSlook.HTML Cross-Site Scripting Vulnerability
586| [28983] cPanel 10 newuser.html Multiple Parameter XSS
587| [28982] cPanel 10 seldir.html dir Parameter XSS
588| [28844] cPanel 10.9 editzonetemplate template Parameter XSS
589| [28843] cPanel 10.9 dosetmytheme theme Parameter XSS
590| [28660] CPanel 5-10 SUID Wrapper Remote Privilege Escalation Vulnerability
591| [28415] cPanel 10.x showfile.html file Parameter XSS
592| [28414] cPanel 10.x editit.html file Parameter XSS
593| [28413] cPanel 10.x dohtaccess.html dir Parameter XSS
594| [28113] cPanel 10.8.1/10.8.2 OnMouseover Cross-Site Scripting Vulnerability
595| [28107] Cpanel 10 Select.HTML Cross-Site Scripting Vulnerability
596| [27162] cPanel 10.8.1 - Multiple Cross-Site Scripting Vulnerabilities
597| [25846] cPanel <= 9.1 User Parameter Cross-Site Scripting Vulnerability
598| [24689] cPanel 9.9.1 -R3 Front Page Extension Installation Information Disclosure
599| [24183] cPanel 5-9 Passwd Remote SQL Injection Vulnerability
600| [24172] cPanel 5-9 Killacct Script Customer Account DNS Information Deletion Vulnerability
601| [24141] cPanel 5-9 Local Privilege Escalation Vulnerability
602| [23807] cPanel 5/6/7/8/9 Login Script Remote Command Execution Vulnerability
603| [23806] cPanel 5/6/7/8/9 dir Parameter Cross-Site Scripting Vulnerability
604| [23804] cPanel 5/6/7/8/9 Resetpass Remote Command Execution Vulnerability
605| [22874] CPanel 5.0/5.3/6.x Admin Interface HTML Injection Vulnerability
606| [22693] cPanel 5/6,Formail-Clone E-Mail Restriction Bypass Vulnerability
607| [22265] cPanel 5.0 Openwebmail Local Privileges Escalation Vulnerability
608| [22263] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
609| [22262] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (3)
610| [22261] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
611| [22260] cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (1)
612| [17330] cPanel < 11.25 CSRF - Add User php Script
613| [15593] Cpanel 11.x - Edit E-mail Cross Site Request Forgery exploit
614| [14854] MOAUB #1 - Cpanel PHP Restriction Bypass Vulnerability 0day
615| [14188] Cpanel 11.25 - CSRF Add FTP Account Exploit
616| [11527] cPanel Multiple CSRF Vulnerabilities
617| [11211] cPanel HTTP Response Splitting Vulnerability
618| [9039] Cpanel - (lastvisit.html domain) Arbitrary File Disclosure Vulnerability (auth)
619| [6897] cpanel 11.x XSS / Local File Inclusion Vulnerability
620| [6461] Cpanel <= 11.x (Fantastico) LFI Vulnerability (sec bypass)
621| [3459] cPanel <= 10.9.x (fantastico) Local File Inclusion Vulnerabilities
622| [2554] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit (php)
623| [2466] cPanel <= 10.8.x (cpwrap via mysqladmin) Local Root Exploit
624|
625| OpenVAS (Nessus) - http://www.openvas.org:
626| No findings
627|
628| SecurityTracker - https://www.securitytracker.com:
629| [1028743] cPanel Flaws in Archive Function Let Local Users Gain Elevated Privileges
630| [1027928] cPanel Input Validation Flaws in 'clientconf.html' and 'detailbw.html' Permit Cross-Site Scripting Attacks
631| [1027923] cPanel Input Validation Flaw in 'account' Parameter Permits Cross-Site Scripting Attacks
632| [1027839] cPanel Unspecified Flaws Have Unspecified Impact
633| [1027111] cPanel Unspecified Flaws Have Unspecified Impact
634| [1024382] cPanel Error in 'autoinstallhome.php' Lets Local Users Bypass PHP Restrictions
635| [1022490] cPanel Input Validation Flaw in 'lastvisit.html' Lets Remote Users View Files
636| [1020042] cPanel Input Validation Flaw in 'Email' Parameter Lets Local Users Gain Elevated Privileges
637| [1016913] cPanel Bug Lets Remote Authenticated Users Gain Root Access
638| [1016383] cPanel Input Validation Flaw in 'select.html' Permits Cross-Site Scripting Attacks
639| [1015589] cPanel 'mime/handle.html' Input Validation Bug Permits Cross-Site Scripting Attacks
640| [1015157] cPanel Input Validation Hole in Entropy Chat Permits Cross-Site Scripting Attacks
641| [1014633] cPanel Domain Access Control Flaw May Let Remote Users Access Other Domains in Certain Cases
642| [1011877] cPanel Webmail Only Requires First Eight Characters of Password
643| [1011762] cPanel Backup and FrontPage Management Bugs Let Remote Authenticated Users View, Edit, and Own Arbitrary Files
644| [1010449] cPanel Access Control Flaw Lets Remote Authenticated Users Make Unauthorized Database Password Changes
645| [1010411] cPanel suEXEC Flaw May Let Remote Authenticated Users Execute Abitrary Code
646| [1010398] cPanel 'killacct' May Let Remote Authenticated Administrators Delete Accounts Belonging to Other Administrators
647| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
648| [1009541] cPanel 'dodelautores.html' and 'addhandle.html' Input Validation Flaws Permit Cross-Site Scripting Attacks
649| [1009402] cPanel 'dohtaccess' Input Validation Flaw Permits Cross-Site Scripting Attacks
650| [1009400] cPanel Password Reset and Login Features Let Remote Users Execute Arbitrary Commands With Root Privileges
651| [1007113] cPanel Log File Filtering Flaw Permits Remote Cross-Site Scripting Attacks Against Administrators
652| [1006127] cPanel Web Hosting Control Panel Bugs Let Remote Users Execute Arbitrary Commands and Local Users Gain Root Privileges
653|
654| OSVDB - http://www.osvdb.org:
655| [96167] SecPanel Unspecified User Plaintext Local Password Disclosure
656| [96166] cPanel WHM Suspend Function Arbitrary Account Lockout Local DoS
657| [96165] cPanel WHM Purchase and Install an SSL Certificate Feature Arbitrary File Overwrite
658| [96164] cPanel WHM Unspecified Arbitrary Domain Manipulation
659| [96163] cPanel WHM Unspecified Arbitrary DNS Zone Modification
660| [94918] cPanel cpanellogd Cpanel::Logs::prep_logs_path Archive Creation Local Privilege Escalation
661| [94904] RVSiteBuilder Plugin for cPanel Unspecified Symlink Local Privilege Escalation
662| [94903] RVSkin rvwrapper Arbitrary cPanel Account Manipulation
663| [94902] RVSiteBuilder Plugin for cPanel Unspecified Hardlink Arbitrary File Access
664| [94884] cPanel Web Host Manager (WHM) locale Function Privilege Escalation
665| [94868] cPanel Restore a Full Backup/cpmove File Feature Crafted Archive Restoration Symlink Arbitrary File Access
666| [94865] cPremote Plugin for cPanel Unauthorized User Backup Service Access
667| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
668| [94859] cPanel /scripts2/ssh_doaddkey Arbitrary SSH Key Overwrite DoS
669| [94427] WHMXtra Ultimate Pro Cpanel Xtra Plugin Arbitrary File Manipulation
670| [94333] Varnish Plugin for cPanel Advanced Configuration Page Remote Privilege Escalation
671| [88872] cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS
672| [88820] cPanel dir.html dir Parameter XSS
673| [88773] cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS
674| [88749] cPanel frontend/x3/mail/manage.html account Parameter XSS
675| [88125] cPanel Multiple Unspecified Issues
676| [82646] cPanel cPDAVd Filename Parsing Remote Code Execution
677| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
678| [80801] Almnzm /admincpanel/index.php Arbitrary Admin Creation CSRF
679| [68373] cPanel Local safe_mode Bypass
680| [67159] cPanel Unspecified XSS
681| [61954] cPanel login/index.php failurl Parameter HTTP Response Splitting
682| [61231] cPanel frontend/x3/files/fileop.html fileop Parameter XSS
683| [56919] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php scriptpath_show Parameter Traversal Local File Inclusion
684| [55545] Fantastico for cPanel index.php sup3r Parameter Traversal Arbitrary File Access
685| [55515] cPanel frontend/x3/stats/lastvisit.html domain Parameter Traversal Arbitrary File Access
686| [55301] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
687| [55286] 7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
688| [54356] Fantastico De Luxe Module for cPanel language.php Manipulation Privilege Escalation
689| [53264] cPanel Legacy File Manager Filename XSS
690| [53263] cPanel Standard File Manager Filename XSS
691| [52253] cPanel Module Installation Function CSRF
692| [52252] cPanel Password Change Function CSRF
693| [52251] cPanel scripts2/confdkillproc Query String XSS
694| [52250] cPanel .contactemail Local File XSS
695| [51582] cPanel Disk Usage Module frontend/x/diskusage/index.html showtree Parameter Traversal Arbitrary Directory Listing
696| [49518] Fantastico De Luxe Module for cPanel autoinstall4imagesgalleryupgrade.php Multiple Parameter XSS
697| [48126] Fantastico De Luxe Module for cPanel includes/xml.php fantasticopath Parameter Local File Inclusion
698| [45816] cPanel scripts/wwwacct Email Address Field Arbitrary Shell Command Execution
699| [45068] WHM Interface for cPanel cpanel/whm/webmail CSRF
700| [45067] WHM Interface for cPanel scripts2/listaccts search Parameter XSS
701| [45066] WHM Interface for cPanel scripts2/changeip user Parameter XSS
702| [45065] WHM Interface for cPanel scripts2/knowlegebase issue Parameter XSS
703| [44848] cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF
704| [44847] cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF
705| [44846] cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF
706| [44845] cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF
707| [43854] cPanel frontend/x/manpage.html Query String XSS
708| [40512] cPanel dohtaccess.html rurl Parameter XSS
709| [39286] Dada Mail cpanel Mass Add/DL Subscriber XSS
710| [36468] cPanel frontend/x/htaccess/changepro.html resname Parameter XSS
711| [35861] cPanel Simple CGI Wrapper Direct Request Path Disclosure
712| [35860] cPanel Simple CGI Wrapper URI XSS
713| [35750] cPanel scripts2/objcache objcache Parameter Remote File Inclusion
714| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
715| [35036] Fantastico for cPanel includes/load_language.php userlanguage Parameter Traversal Local File Inclusion
716| [33240] cPanel WebHost Manager (WHM) scripts2/objcache obj Variable Arbitrary Limited File Overwrite
717| [33239] cPanel WebHost Manager (WHM) scripts/rearrangeacct domain Parameter XSS
718| [33238] cPanel WebHost Manager (WHM) scripts2/dofeaturemanager feature Parameter XSS
719| [33237] cPanel WebHost Manager (WHM) scripts2/limitbw domain Parameter XSS
720| [33236] cPanel WebHost Manager (WHM) scripts2/changeemail domain Parameter XSS
721| [33235] cPanel err/erredit.html dir Parameter XSS
722| [33234] cPanel cpanelpro/dohtaccess.html dir Parameter XSS
723| [33233] cPanel mail/pops.html domain Parameter XSS
724| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
725| [32043] cPanel scripts2/objcache objcache Parameter XSS
726| [32042] cPanel BoxTrapper /mail/manage.html account Parameter XSS
727| [31835] cPanel PHP OpenBaseDir Configuration Local Access Restriction Bypass
728| [31757] cPanel WebHost Manager (WHM) park ndomain Parameter XSS
729| [31756] cPanel WebHost Manager (WHM) dofeaturemanager feature Parameter XSS
730| [31755] cPanel WebHost Manager (WHM) editzone domain Parameter XSS
731| [31754] cPanel WebHost Manager (WHM) domts2 domain Parameter XSS
732| [31753] cPanel WebHost Manager (WHM) editpkg pkg Parameter XSS
733| [31752] cPanel WebHost Manager (WHM) addon_configsupport.cgi supporturl Parameter XSS
734| [31751] cPanel WebHost Manager (WHM) dochangeemail email Parameter XSS
735| [30586] cPanel dnslook.html dns Parameter XSS
736| [30387] cPanel newuser.html Multiple Parameter XSS
737| [30386] cPanel seldir.html dir Parameter XSS
738| [30048] cPanel editzonetemplate template Parameter XSS
739| [30047] cPanel dosetmytheme theme Parameter XSS
740| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
741| [29072] cPanel Multiple Password User Authentication Weakness
742| [28043] cPanel showfile.html file Parameter XSS
743| [28042] cPanel editit.html file Parameter XSS
744| [28041] cPanel dohtaccess.html dir Parameter XSS
745| [26866] cPanel select.html file Parameter XSS
746| [24056] Fantastico cPanel Add-on Script Installation Failure Path Disclosure
747| [22972] cPanel Null Login Administrator Username Disclosure
748| [22971] cPanel dowebmailforward.cgi fwd Parameter XSS
749| [22940] cPanel handle.html Multiple Field XSS
750| [22939] cPanel detailbw.html target Parameter XSS
751| [22938] cPanel diskusage.html showtree Parameter XSS
752| [22937] cPanel dodelpop.html email Parameter XSS
753| [22936] cPanel editquota.html email Parameter XSS
754| [22906] cPanel webmailaging.cgi numdays Parameter XSS
755| [20459] cPanel Entropy Chat Message Field XSS
756| [18661] cPanel Common Password Cross Domain Privilege Escalation
757| [17399] cPanel cpsrvd.pl user Parameter XSS
758| [15298] cPanel/WHM SSH Port Forwarding Anonymous Proxy
759| [11043] cPanel Webmail Truncated Password Weakness
760| [10962] cPanel Frontpage _private Symlink Arbitrary File Permission Modification
761| [10961] cPanel Frontpage .htaccess Hardlink Arbitrary File Owernship Modification
762| [10960] cPanel Backup Feature Hardlink Arbitrary File Access
763| [7665] cPanel whm Password File Locking Issue
764| [7006] cPanel passwd Script Unauthorized Database Password Change
765| [6946] cPanel detailbw.html Multiple Parameter XSS
766| [6945] cPanel detailsubbw.html Multiple Parameter XSS
767| [6944] cPanel bwday.html Multiple Parameter XSS
768| [6943] cPanel detailsubbw.html View Unauthorized Domain Statistics
769| [6942] cPanel bwday.html View Unauthorized Domain Statistics
770| [6941] cPanel detailbw.html View Unauthorized Domain Statistics
771| [6940] cPanel suEXEC Privilege Escalation
772| [6712] cPanel killacct Script Arbitrary DNS Deletion
773| [6418] cPanel mod_phpsuexec Arbitrary Code Execution
774| [4530] cPanel addhandle.html handle Parameter XSS
775| [4529] cPanel dodelautores.html email Parameter XSS
776| [4244] cPanel htaccess/index.html dir Parameter XSS
777| [4243] cPanel del.html account Parameter XSS
778| [4222] cPanel Formail-clone E-Mail Relay
779| [4220] cPanel guestbook.cgi template Variable Arbitrary Command Execution
780| [4219] cPanel dohtaccess.html dir Parameter XSS
781| [4218] cPanel Login Page user Parameter Arbitrary Command Execution
782| [4217] cPanel editmsg.html Arbitrary File Access
783| [4216] cPanel erredit.html Arbitrary File Access
784| [4215] cPanel editmsg.html account Parameter XSS
785| [4214] cPanel doaddftp.html login Parameter XSS
786| [4213] cPanel repairdb.html db Parameter XSS
787| [4212] cPanel showlog.html account Parameter XSS
788| [4211] cPanel ignorelist.html account Parameter XSS
789| [4210] cPanel dnslook.html dns Parameter XSS
790| [4209] cPanel erredit.html file Parameter XSS
791| [4208] cPanel testfile.html email Parameter XSS
792| [4205] cPanel resetpass Arbitrary Command Execution
793| [2277] cPanel Error Log Malicious HTML Tags Injection
794|_