CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2008-6843 – Fantastico - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6843
02 Jul 2009 — Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a través de ..(punto punto) en el parámetro sup3r. • https://www.exploit-db.com/exploits/32632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 4CVE-2008-2070 – cPanel 11.x - '/scripts2/changeip?user' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2070
09 May 2008 — The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allows remote attackers to bypass XSS protection and inject arbitrary script or HTML via repeated, improperly-ordered "<" and ">" characters in the (1) issue parameter to scripts2/knowlegebase, (2) user parameter to scripts2/changeip, (3) search parameter to scripts2/listaccts, and other unspecified vectors. La interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos evi... • https://www.exploit-db.com/exploits/31772 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2008-2071
https://notcve.org/view.php?id=CVE-2008-2071
09 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en la interfaz WHM 11.15.0 para cPanel 11.18 anterior a 11.18.4 y 11.22 anterior a 11.22.3 permite a atacantes remotos realizar acciones si... • http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2008-2043
https://notcve.org/view.php?id=CVE-2008-2043
01 May 2008 — Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en cPanel, posiblemente 11.18.3 y 11.19.3, permite a los ... • http://secunia.com/advisories/30027 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 3CVE-2008-1499 – cPanel 11.18.3/11.21 - 'manpage.html' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1499
25 Mar 2008 — Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en frontend/x/manpage.html de cPanel 11.18.3 y 11.21.0-BETA, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante una cadena de consulta. • https://www.exploit-db.com/exploits/31472 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-0370
https://notcve.org/view.php?id=CVE-2008-0370
22 Jan 2008 — Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en dohtaccess.html en cPanel anterior a 11.17 construcción 19417 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro rurl. NOTA: algunos de estos detal... • http://aria-security.net/forum/showthread.php?p=1238 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4022 – cPanel 10.9.1 - 'Resname' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4022
26 Jul 2007 — Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el frontend/x/htaccess/changepro.html del cPanel 10.9.1 permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través del parámetro resname. • https://www.exploit-db.com/exploits/30380 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3366
https://notcve.org/view.php?id=CVE-2007-3366
22 Jun 2007 — Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, perm... • http://osvdb.org/35860 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3367
https://notcve.org/view.php?id=CVE-2007-3367
22 Jun 2007 — Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos obtener información confidencial mediante u... • http://osvdb.org/35861 •