CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2017-5613
https://notcve.org/view.php?id=CVE-2017-5613
03 Mar 2017 — Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. Vulnerabilidad de cadena de formato en cgiemail y cgiecho permite a atacantes remotos ejecutar código arbitrario a través de especificadores de cadena de formato en un archivo plantilla. • http://www.openwall.com/lists/oss-security/2017/01/28/8 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5615
https://notcve.org/view.php?id=CVE-2017-5615
03 Mar 2017 — cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. cgiemail y cgiecho permiten a atacantes remotos inyectar cabeceras HTTP a través de un carácter de nueva línea en la ubicación de redireccionamiento. • http://www.openwall.com/lists/oss-security/2017/01/28/8 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-5616
https://notcve.org/view.php?id=CVE-2017-5616
03 Mar 2017 — Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. Vulnerabilidad de XSS en cgiemail y cgiecho permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro addendum. • http://www.openwall.com/lists/oss-security/2017/01/28/8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 2CVE-2009-4823 – cPanel 11.x - 'fileop' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-4823
27 Apr 2010 — Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en frontend/x3/files/fileop.html en cPanel 11.0 a 11.24.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "fileop". • https://www.exploit-db.com/exploits/33417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 3CVE-2008-7142 – cPanel 11.18.3 - List Directories and Folders Information Disclosure
https://notcve.org/view.php?id=CVE-2008-7142
01 Sep 2009 — Absolute path traversal vulnerability in the Disk Usage module (frontend/x/diskusage/index.html) in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter. Vulnerabilidad de salto de directorio absoluto en el módulo isk Usage (frontend/x/diskusage/index.html) en cPanel v11.18.3 permite a atacantes remotos listar directorios arbitrariamente a través del parámetro showtree. • https://www.exploit-db.com/exploits/31439 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 3CVE-2008-6926 – cPanel 11.x - Cross-Site Scripting / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6926
10 Aug 2009 — Directory traversal vulnerability in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the scriptpath_show parameter in a GoAhead action. NOTE: this issue only crosses privilege boundaries when security settings such as disable_functions and safe_mode are active, since exploitation requires uploading of executable code to a home directory. Una vulnerabilidad de salto de di... • https://www.exploit-db.com/exploits/6897 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6927 – cPanel 11.x - Cross-Site Scripting / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6927
10 Aug 2009 — Multiple cross-site scripting (XSS) vulnerabilities in autoinstall4imagesgalleryupgrade.php in the Fantastico De Luxe Module for cPanel allow remote attackers to inject arbitrary web script or HTML via the (1) localapp, (2) updatedir, (3) scriptpath_show, (4) domain_show, (5) thispage, (6) thisapp, and (7) currentversion parameters in an Upgrade action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en autoinstall4imagesgalleryupgrade.php en el módulo Fantastico De Luxe para c... • https://www.exploit-db.com/exploits/6897 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 20EXPL: 2CVE-2008-6843 – Fantastico - 'index.php' Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6843
02 Jul 2009 — Directory traversal vulnerability in index.php in Fantastico, as used with cPanel 11.x, allows remote attackers to read arbitrary files via a .. (dot dot) in the sup3r parameter. Vulnerabilidad de salto de directorio en index.php en Fantastico, utilizado con cPanel v11.x, permite a los atacantes remotos leer arbitrariamente archivos a través de ..(punto punto) en el parámetro sup3r. • https://www.exploit-db.com/exploits/32632 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2009-2275 – cPanel - (Authenticated) 'lastvisit.html Domain' Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2009-2275
01 Jul 2009 — Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter. Vulnerabilidad de salto de directorio en frontend/x3/stats/lastvisit.html en cPanel, permite a atacantes remotos leer archivos de su elección a través de ..(punto punto) en el parámetro "domain". • https://www.exploit-db.com/exploits/9039 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 5%CPEs: 2EXPL: 2CVE-2008-2478 – cPanel 11.21 - 'wwwact' Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-2478
28 May 2008 — scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel. ** CUESTIONADA ** scripts/wwwacct en cPanel 11.18.6 STABLE y anteriores, y 11.23.1 CURRENT y anteriores, permite a usuarios autenti... • https://www.exploit-db.com/exploits/31807 • CWE-94: Improper Control of Generation of Code ('Code Injection') •