Case 109049 Summary Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By manipulating symbolic links within the .cpaddons sub-directory, a …
Case 93317 Summary Limited SQL injection vulnerability in LeechProtect. Security Rating cPanel has assigned a Security Level of Minor to this vulnerability. Description The LeechProtect subsystem built into cPanel & WHM systems allows a website owner to disable HTTP logins for accounts that log in from too many distinct IP …
TSR-2014-0004 Full Disclosure Case 78301 Summary Correct patch for CVE-2002-1575 in cgiemail. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description cPanel & WHM includes a copy of Bruce Lewis’ cgiemail version 1.6. This version of cgiemail was vulnerable to CVE-2002-1575, allowing remote unauthenticated attackers …
Case 85329 Summary Sensitive information disclosed via multiple log files. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description Several log files on cPanel & WHM systems were created with default world-readable permissions. These log files include both sensitive internal data such as stack traces …
cPanel TSR 2014-0002 Full Disclosure Case 89985 Summary Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is …
Case 84681 Summary Arbitrary file read for ACL limited reseller accounts via XML-API. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to …
Case 69513 Summary World writable Logaholic directories allowed arbitrary code execution in varied contexts. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description Multiple directories within /usr/local/cpanel/base/3rdparty/Logaholic were set world writable by default with permissions of 777. These directories contained, among other items, the global …
TSR-2013-0009 Detailed Disclosure The following disclosure covers Targeted Security Release TSR-2013-0009, that was published on August 27th, 2013. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 73377 Summary An account’s cpmove archives were …
The following disclosure covers the TSR-2013-008, the Targeted Security Release published on July 15th, 2013. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 71121 Summary The Squirrelmail Webmail session file contained plain text …
60 queries. 8.75 mb Memory usage. 0.585 seconds.