CVSS: 9.1EPSS: 10%CPEs: 1EXPL: 2CVE-2007-0854
https://notcve.org/view.php?id=CVE-2007-0854
08 Feb 2007 — Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents. Una vulnerabilidad de inclusión remota de archivos en scripts2/objcache en WebHost Manager (WHM) de cPanel permite a los atacant... • http://changelog.cpanel.net/index.cgi • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6548
https://notcve.org/view.php?id=CVE-2006-6548
14 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel WebHost Manager (WHM) 3.1.0 permite a atacantes remotos autent... • http://securityreason.com/securityalert/2027 •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 3CVE-2006-6523 – cPanel 11 BoxTrapper - Manage.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6523
14 Dec 2006 — Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mail/manage.html en BoxTrapper en cPanel 11 permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro account. • https://www.exploit-db.com/exploits/29237 •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 9CVE-2006-6198 – cPanel WebHost Manager 3.1 - 'addon_configsupport.cgi?supporturl' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-6198
01 Dec 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/p... • https://www.exploit-db.com/exploits/29183 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2006-5883 – cPanel 10 - 'newuser.html' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-5883
14 Nov 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante el (1) parámetro dir en (a) seldir.html, y los parámetros (2) user y (... • https://www.exploit-db.com/exploits/28983 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2006-5535 – cPanel 10.9 - 'dosetmytheme?theme' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-5535
26 Oct 2006 — Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. Vulnerabilidades múltiples de cruce de sitios en scripts (XSS) en WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 permiten a atacantes remotos inyectar scripts WEB o HTML mediante 1) parámetro theme en scripts/dosetmytheme y (2) parámetro... • https://www.exploit-db.com/exploits/28843 •
CVSS: 9.0EPSS: 2%CPEs: 19EXPL: 1CVE-2006-5014 – cPanel 10.8.x - cpwrap via MySQLAdmin Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-5014
27 Sep 2006 — Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. Vulnerabilidad no especificada en cPanel anterior a 10.9.0 12 Tree permite a usuarios remotos autenticados obtener privilegios mediante vectores no especificados en (1) mysqladmin y (2) hooksadmin. • https://www.exploit-db.com/exploits/2466 •
CVSS: 6.1EPSS: 1%CPEs: 1EXPL: 4CVE-2006-4293 – cPanel 10.x - 'dohtaccess.html?dir' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-4293
22 Aug 2006 — Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en cPanel 10 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro (1) dir de dohtaccess.html, o el parámetro (2) file en (a) editit.html ... • https://www.exploit-db.com/exploits/28413 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-3337 – cPanel 10 - Select.HTML Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-3337
03 Jul 2006 — Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. Una vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en frontend/x/files/select.html en cPanel v10.8.2-CURRENT 118 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro "file". • https://www.exploit-db.com/exploits/28107 •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-2825
https://notcve.org/view.php?id=CVE-2006-2825
05 Jun 2006 — cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. • http://archives.neohapsis.com/archives/bugtraq/2006-05/0402.html •