CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2007-4022 – cPanel 10.9.1 - 'Resname' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4022
26 Jul 2007 — Cross-site scripting (XSS) vulnerability in frontend/x/htaccess/changepro.html in cPanel 10.9.1 allows remote attackers to inject arbitrary web script or HTML via the resname parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el frontend/x/htaccess/changepro.html del cPanel 10.9.1 permiten a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través del parámetro resname. • https://www.exploit-db.com/exploits/30380 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3366
https://notcve.org/view.php?id=CVE-2007-3366
22 Jun 2007 — Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, perm... • http://osvdb.org/35860 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3367
https://notcve.org/view.php?id=CVE-2007-3367
22 Jun 2007 — Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to obtain sensitive information via a direct request, which reveals the path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Simple CGI Wrapper (scgiwrap) de cPanel versiones anteriores a 10.9.1, y 11.x versiones anteriores a 11.4.19-R14378, permite a atacantes remotos obtener información confidencial mediante u... • http://osvdb.org/35861 •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-6523 – cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6523
14 Dec 2006 — Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mail/manage.html en BoxTrapper en cPanel 11 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro account. • https://www.exploit-db.com/exploits/29237 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2006-5883 – cPanel 10 - 'newuser.html' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5883
14 Nov 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante el (1) parámetro dir en (a) seldir.html, y los parámetros (2) user y (... • https://www.exploit-db.com/exploits/28983 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2006-5535 – cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5535
26 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. Vulnerabilidades múltiples de cruce de sitios en scripts (XSS) en WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 permiten a atacantes remotos inyectar scripts WEB o HTML mediante 1) parámetro theme en scripts/dosetmytheme y (2) parámetro... • https://www.exploit-db.com/exploits/28843 •
CVSS: 9.0EPSS: 2%CPEs: 19EXPL: 1CVE-2006-5014 – cPanel 10.8.x - cpwrap via MySQLAdmin Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-5014
27 Sep 2006 — Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. Vulnerabilidad no especificada en cPanel anterior a 10.9.0 12 Tree permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados en (1) mysqladmin y (2) hooksadmin. • https://www.exploit-db.com/exploits/2466 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2006-4293 – cPanel 10.x - 'dohtaccess.html?dir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4293
22 Aug 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) dir de dohtaccess.html, o el parámetro (2) file en (a) editit.html ... • https://www.exploit-db.com/exploits/28413 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3337 – cPanel 10 - Select.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3337
03 Jul 2006 — Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en frontend/x/files/select.html en cPanel v10.8.2-CURRENT 118 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "file". • https://www.exploit-db.com/exploits/28107 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2825
https://notcve.org/view.php?id=CVE-2006-2825
05 Jun 2006 — cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html •