Vendor Dictionary: cPanel, Inc.

cPanel, Inc.

Short Name:	cPanel
Previous Names:	[None Entered]
URL:	http://www.cpanel.net [visit link]
Email:	infocpanel.com
Security URL:	http://cpanel.net/security/ [visit link]
Security Email:	securitycpanel.net
Knowledge Base:	http://www.cpanel.net/support/ [visit link]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

cPanel, Inc.

cPanel, Inc.

WebHost Manager: 11.34.0; OSVDB ID: 88773 cPanel WebHost Manager (WHM) /webmail/x3/mail/clientconf.html acct Parameter XSS; Unspecified; OSVDB ID: 88872 cPanel WebHost Manager (WHM) /webmail/x3/mail/filters/editfilter.html filtername Parameter XSS

cPanel: 6.4.2; OSVDB ID: 2277 cPanel Error Log Malicious HTML Tags Injection; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; 9.1.0-RELEASE 34; OSVDB ID: 4205 cPanel resetpass Arbitrary Command Execution; OSVDB ID: 4218 cPanel Login Page user Parameter Arbitrary Command Execution; 9.1.0-RELEASE 57; OSVDB ID: 4216 cPanel erredit.html Arbitrary File Access; OSVDB ID: 4217 cPanel editmsg.html Arbitrary File Access; OSVDB ID: 4219 cPanel dohtaccess.html dir Parameter XSS; OSVDB ID: 4244 cPanel htaccess/index.html dir Parameter XSS; OSVDB ID: 4208 cPanel testfile.html email Parameter XSS; OSVDB ID: 4209 cPanel erredit.html file Parameter XSS; OSVDB ID: 4210 cPanel dnslook.html dns Parameter XSS; OSVDB ID: 4211 cPanel ignorelist.html account Parameter XSS; OSVDB ID: 4212 cPanel showlog.html account Parameter XSS; OSVDB ID: 4213 cPanel repairdb.html db Parameter XSS; OSVDB ID: 4214 cPanel doaddftp.html login Parameter XSS; OSVDB ID: 4215 cPanel editmsg.html account Parameter XSS; OSVDB ID: 4243 cPanel del.html account Parameter XSS; 5.0; OSVDB ID: 4220 cPanel guestbook.cgi template Variable Arbitrary Command Execution; 5.x; OSVDB ID: 4221 Open Webmail oom Script Privilege Escalation; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 6.0; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; 6.2; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; 6.4; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; 6.4.1; OSVDB ID: 4222 cPanel Formail-clone E-Mail Relay; 9.1.0-STABLE 93; OSVDB ID: 4529 cPanel dodelautores.html email Parameter XSS; OSVDB ID: 4530 cPanel addhandle.html handle Parameter XSS; 6.x; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 7.x; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 8.x; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.1.x; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.2.0 build 1; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.2.0 build 2; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.2.0 build 3; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.2.0 build 4; OSVDB ID: 6418 cPanel mod_phpsuexec Arbitrary Code Execution; 9.3.0-RELEASE_104; OSVDB ID: 6712 cPanel killacct Script Arbitrary DNS Deletion; Unknown or Unspecified; OSVDB ID: 6942 cPanel bwday.html View Unauthorized Domain Statistics; OSVDB ID: 22906 cPanel webmailaging.cgi numdays Parameter XSS; OSVDB ID: 22971 cPanel dowebmailforward.cgi fwd Parameter XSS; 9.3.0-RELEASE x; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 1; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 10; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 14; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 15; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 19; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 21; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; OSVDB ID: 6946 cPanel detailbw.html Multiple Parameter XSS; 9.4.0-RELEASE 3; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 4; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 7; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.4.0-RELEASE 8; OSVDB ID: 6944 cPanel bwday.html Multiple Parameter XSS; 9.2.0-STABLE 25; OSVDB ID: 7006 cPanel passwd Script Unauthorized Database Password Change; OSVDB ID: 6945 cPanel detailsubbw.html Multiple Parameter XSS; 8.5.4-EDGE_3; OSVDB ID: 7665 cPanel whm Password File Locking Issue; 10.2.0-R82; OSVDB ID: 17399 cPanel cpsrvd.pl user Parameter XSS; OSVDB ID: 20459 cPanel Entropy Chat Message Field XSS; 10.6.0-R137; OSVDB ID: 20459 cPanel Entropy Chat Message Field XSS; 10.8.1-STABLE_114; OSVDB ID: 22936 cPanel editquota.html email Parameter XSS; OSVDB ID: 22937 cPanel dodelpop.html email Parameter XSS; OSVDB ID: 22938 cPanel diskusage.html showtree Parameter XSS; OSVDB ID: 22939 cPanel detailbw.html target Parameter XSS; OSVDB ID: 22940 cPanel handle.html Multiple Field XSS; 10; OSVDB ID: 28041 cPanel dohtaccess.html dir Parameter XSS; OSVDB ID: 28042 cPanel editit.html file Parameter XSS; OSVDB ID: 28043 cPanel showfile.html file Parameter XSS; OSVDB ID: 30386 cPanel seldir.html dir Parameter XSS; OSVDB ID: 30387 cPanel newuser.html Multiple Parameter XSS; Unspecified; OSVDB ID: 82611 cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation; 11.32.3.17; OSVDB ID: 82646 cPanel cPDAVd Filename Parsing Remote Code Execution; 11.32.2.27; OSVDB ID: 82646 cPanel cPDAVd Filename Parsing Remote Code Execution; 11.30.6.7; OSVDB ID: 82646 cPanel cPDAVd Filename Parsing Remote Code Execution; 11.30.7.3; OSVDB ID: 88125 cPanel Multiple Unspecified Issues; 11.32.5.14; OSVDB ID: 88125 cPanel Multiple Unspecified Issues; 11.34.0.10; OSVDB ID: 88125 cPanel Multiple Unspecified Issues; 11.34.0.8; OSVDB ID: 88749 cPanel frontend/x3/mail/manage.html account Parameter XSS; Unspecified; OSVDB ID: 88820 cPanel dir.html dir Parameter XSS

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.