Case 109049 Summary Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …
cPanel TSR-2014-0006 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
Case 93317 Summary Limited SQL injection vulnerability in LeechProtect. Security Rating cPanel has assigned a Security Level of Minor to this vulnerability. Description The LeechProtect subsystem built into cPanel & WHM systems allows a website owner to disable HTTP logins for accounts that log in from too many distinct IP …
cPanel TSR-2014-0005 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
TSR-2014-0004 Full Disclosure Case 78301 Summary Correct patch for CVE-2002-1575 in cgiemail. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers …
TSR-2014-0004 cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging …
Case 85329 Summary Sensitive information disclosed via multiple log files. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces …
cPanel TSR-2014-0003 Notice of Delay in Disclosure Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all …
cPanel TSR-2014-0003 Announcement cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
cPanel TSR 2014-0002 Full Disclosure Case 89985 Summary Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is …
cPanel TSR-2014-0002 Announcement cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers. This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system. cPanel …
Case 84385 Summary Arbitrary code execution as cpanel-horde user via cache file poisioning. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The Horde Webmail interfaces accessible to cPanel and Webmail accounts uses PHP serialized cache files to speed up some backend operations. By default …
Case 84681 Summary Arbitrary file read for ACL limited reseller accounts via XML-API. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels of Important. …
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
61 queries. 8.75 mb Memory usage. 1.633 seconds.