| # | VER | L/R | AUTH | S | REPORTED | TYPE | DESCRIPTION |
| 01 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsecparse.pl contains modsec db user/pass |
| 02 | 10.9.x-S??? | L | N | Y | 09/??/2006 | symlink | overwrite any single file via modsecparse.pl once an hour |
| 03 | 10.9.x-S??? | L | N | N | 09/??/2006 | permissions | world readable modsec.user.conf when installed via WHM |
| 04 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 05 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 06 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 07 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 08 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 09 | 10.9.x-S??? | - | - | N | 11/23/2006 | XSS | cPanel Pro XSS |
| 10 | 10.9.0-S119 | L | Y,N | N | 03/14/2007 | permissions | random world readable /etc/proftpd files, inc. non cp user hashes |
| 11 | ? | - | - | N | 06/??/2007 | info leak | addon domain password logged to the cPanel access_log |
| 12 | 11.11.0-C16774 | R | N | N | 09/05/2007 | XSS | tweakcphulk.cgi XSS |
| 13 | 11.11.0-S16789 | L | Y | N | 09/07/2007 | symlink | resellers could overwrite or create any file via ~/.sharedcrtname |
| 14 | 11.11.0-S16999 | L | Y | N | 10/01/2007 | design issue | cPanel logging bypass |
| 15 | 11.15.0-R17853 | L | N | Y | 11/03/2007 | race condition | easyapache Utils.pm race condition |
| 16 | ? | L | Y | N | unreported | symlink | overwrite any file via ~/.cpanel-datastore dig and mysql files |
| 17 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view first line of any file via ~/.contactemail |
| 18 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts2/top XSS |
| 19 | 11.15.0-R17853 | L | N | N | 11/18/2007 | XSS | /scripts/simpleps XSS |
| 20 | 11.15.0-R17853 | L | Y | N | 11/18/2007 | symlink | view any file via ~/.sharedcrtname |
| 21 | 11.15.0-R18420 | L | N | N | 12/13/2007 | symlink | view any line from /etc/shadow via mailroutewrap |
| 22 | ? | - | - | N | 02/08/2008 | info leak | plain text root password logged to cPanel access_log |
| 23 | 11.18.1-E20683 | L | Y | N | 02/14/2008 | design issue | hijack DNS zone of server via Modify An Account |
| 24 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | install ssl cert of server |
| 25 | 11.19.0-E20931 | L | Y | N | 02/19/2008 | design issue | overwrite crt, key, and csr of server |
| 26 | 11.19.1-D21586 | L | Y | N | 03/08/2008 | symlink | access any cPanel/WHM account via Horde + cPanel flaws |
| 27 | ? | L | Y | N | 03/16/2008 | XSS | /scripts/suspendlist XSS |
| 28 | ? | L | Y | N | 03/17/2008 | XSS | /scripts2/getssldata XSS |
| 29 | 11.18.3-S21703 | L | Y | N | 03/19/2008 | design issue | cPanel access_log username logging bypass |
| 30 | 11.18.3-S21703 | R | N | N | 03/21/2008 | info leak | remotely obtain cPanel username |
| 31 | ? | L | N | N | 04/07/2008 | design issue | obtain WHM usernames and passwords via hijacking the unpriv cPanel ports |
| 32 | 11.22.0-B23297 | L | Y | N | 04/11/2008 | design issue | hijack zone, snoop SSL key |
| 33 | 11.18.3-C23661 | L | N | N | 04/23/2008 | permissions | ClamAV insecure permissions |
| 34 | 11.23.1-E24268 | L | N | N | 05/11/2008 | symlink | bytes_log DoS |
| 35 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | theme overwrite |
| 36 | 11.23.1-E24268 | L | Y | N | 05/14/2008 | symlink | validate file existence |
| 37 | 11.23.1-E24526 | L | Y | N | 05/19/2008 | symlink | insecure openssl .rnd file |
| 38 | 11.23.1-E24773 | L | - | N | 05/22/2008 | design issue | cPanel daemons insecure $PATH |
| 39 | 11.23.1-E24773 | - | - | N | 05/26/2008 | XSS | cPanel download XSS |
| 40 | 11.23.4-E26139 | L | N | Y | 07/28/2008 | symlink | suexec bypass (entropysearch.cgi) |
| 41 | 11.23.4-E26139 | L | N | N | 08/01/2008 | symlink | suexec bypass (guestbook.cgi) |
| 42 | 11.23.4-C26138 | L | N | N | 08/06/2008 | symlink | insecure PEAR implementation |
| 43 | 11.23.6-E26881 | L | Y | N | 08/29/2008 | design issue | uid and gid reuse issues |
| 44 | 11.24.7-B34914 | L | N | Y | 03/29/2009 | design issue | /scripts/fixperlscript runs 'perl -c' as root |
| 45 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | owning virtfs |
| 46 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create root owned accounts |
| 47 | 11.24.7-B35691 | L | Y | N | 04/30/2009 | design issue | resellers can create resellers |
| 48 | 11.24.7-E35784 | L | Y | N | 05/08/2009 | design issue | fun with getgrnam() |
| 49 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | symlink | multiple local roots when uninstalling FrontPage |
| 50 | 11.25.0-E44589 | L | Y | N | 04/??/2010 | permissions | view /etc/shadow when terminating or modifying account |
| 51 | 11.25.0-E44589 | R | N | N | 04/??/2010 | DoS | remotely consume excessive CPU and mem via Exim |
| Trivial | very minor issues |
| Low | XSS, info leaks |
| Medium | destructive actions, access others' accounts |
| High | local root (auth required), /root/.accesshash, /etc/shadow access |
| Less Critical | local root (no auth required) |
| Critical | remote root (no auth required) |
| L/R | Local/Remote |
| Auth | Authentication required |
| S | Bug found via source code review |